how capture http outbound traffic to analyze user activities to the internet
helo..im newbie here.my name is hana.
im a networking student doing a final year project about honeypot to analyze user activities to the internet (specific on sensitive information on the internet eg password).
currently im capturing traffic using tcpdump but the results is not what i want it to be. im capturing traffic over interface eth2 (debian analyst workstation) which im also provide wireless for users to connect to my wireless Ap. is it possible to sniffing traffic user connected to my wireless through my eth2 interface?
this is the command of tcpdump:
#tcpdump -i eth2 tcp port 80 -w test.pcap
-but when i capturing the traffic its seem that not much traffic going through even though many users connected to my wireless ap? does anyone know how to solve this problem?
any help much appreciated.thank you.
|