Well, this is a hard one.
I am the Security Guy/IT guy at work.
And well recently they are having problems with slow networks.
So I want to Analyze there problem. I am used to do that on my own box with Wireshark (holy program ^^). Most of the time Ill find Collisions/Traffic on Ports not know and can fix them using Wireshark.
Well, the problem now is, there is a Box that I cant install something on.. (Wireshark) to fix the problem. The Box is having troubles and its a REALLY important server.
So, I was thinking what the best way was to sniff its Traffic to Analyze it later on WITHOUT destorying the network. (eg ARP-Poisoning).
So I came with the idea of placing a box between the Box that has Troubles and the network. So all the Traffic goes though my box and so I can sniff.
Smart idea, but here is the Tricky part.
Is there a way to Cloak the box. meaning I don't want ANY ip-addresses to change.
Everybody get a IP assigned using DHCP. And the IP addresses are saved to their MAC address.
SO everybody always has the Same IP. And when a now box joins the network he automatically gets a IP since of the DHCP..
So, I want to plug a Box between a DHCP server and a Important Server. So I can sniff its Traffic for later Analyzes. But I don't want to interfere with the IP-address Scheme. (doing this for MAC address is really easy so I don't worry about that.)
But, well how can I "Cloak" my Device? Or is it even possible? (I really doubt it is.. but well I thought lets ask.)