Here is a screenshot showing Graylog successfully running on 127.0.0.1:9000
Here is a screenshot of the specs of the cloud VM
The whole process
https://drive.google.com/file/d/1AOl6v1Qp6eWNZM5k9tlwcrvSAFD2IfQZ/view?usp=sharing
Routers, Switches and Firewalls
Router-
Port mirroring is a method of monitoring network traffic. If port mirroring is enabled on a switch, the switch sends copies of the network packets to another port for analysis. For example, if computer A wants to communicate with computer B, computer A sends packets to computer B through the switch; when the packets reach the switch, they are also copied and sent to the analysis port (connected to the monitoring computer).
Port mirroring allows packets to be seen on a computer from which they are normally hidden.
On port 5 of the core switch, because that way the traffic between ports 2, 3 and 4 over Ethernet can be monitored, and the outbound traffic from core switch port 1 to the internet can be monitored as well.
b) Sequence to enable port mirroring and capture all the suspected traffic
enable
! show the SPAN sessions currently configured
sh monitor
conf t
! A destination port can belong to only one SPAN session at a time,
! so every source port goes into session 1 with fa 0/5 as its destination.
monitor session 1 source interface fa 0/3
monitor session 1 source interface fa 0/2
monitor session 1 source interface fa 0/4
monitor session 1 source interface fa 0/1
monitor session 1 destination interface fa 0/5
end
! confirm the session, its sources and its destination
sh monitor
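An added example, not part of the original write-up: a small Python check that reads `monitor session` lines of the form used above and reports sessions that would leave traffic unmonitored. It assumes the Catalyst local SPAN rules that a destination port serves only one session and cannot also be a source; the function names and both sample configurations are constructed for illustration, and interface ranges are not handled.

```python
import re
from collections import defaultdict

# Matches e.g. "monitor session 1 source interface fa 0/3" or "... FastEthernet0/3".
LINE = re.compile(
    r"^\s*monitor session (\d+) (source|destination) interface\s+"
    r"([A-Za-z]+)\s*(\d+(?:/\d+)+)", re.IGNORECASE)

def parse_span(config):
    """Return {session: {"source": set, "destination": set}} from config text."""
    sessions = defaultdict(lambda: {"source": set(), "destination": set()})
    for line in config.splitlines():
        m = LINE.match(line)
        if m:
            num, role, kind, unit = m.groups()
            # Normalise "fa 0/3", "Fa0/3" and "FastEthernet0/3" to "fa0/3".
            sessions[int(num)][role.lower()].add(kind[:2].lower() + unit)
    return dict(sessions)

def lint_span(config):
    """Return a list of findings; an empty list means no conflict was found."""
    findings, dest_users, all_sources = [], defaultdict(list), set()
    for num, s in sorted(parse_span(config).items()):
        if not s["source"]:
            findings.append(f"session {num}: no source, nothing is mirrored")
        if not s["destination"]:
            findings.append(f"session {num}: no destination, copies go nowhere")
        for port in s["destination"]:
            dest_users[port].append(num)
        all_sources |= s["source"]
    for port, nums in sorted(dest_users.items()):
        if len(nums) > 1:  # assumed rule: one session per destination port
            findings.append(f"{port}: destination of sessions {nums}")
        if port in all_sources:  # assumed rule: not source and destination
            findings.append(f"{port}: both source and destination")
    return findings

# Constructed sample configurations (not taken from a real device).
SAMPLE_OK = """
monitor session 1 source interface fa 0/1
monitor session 1 source interface fa 0/2
monitor session 1 destination interface fa 0/24
"""
SAMPLE_BAD = """
monitor session 1 source interface fa 0/1
monitor session 1 destination interface fa 0/24
monitor session 2 source interface fa 0/2
monitor session 2 destination interface FastEthernet0/24
monitor session 3 source interface fa 0/24
"""

if __name__ == "__main__":
    for finding in lint_span(SAMPLE_BAD):
        print(finding)
```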