I’m looking for some help/ideas on the best way to plan a test lab around an IPTV setup.
What I’m looking to do is capture and document everything that passes between the ADSL router and the IPTV STB, including all information sent via encrypted sessions.
The main visible range of the network is the 192.168.1.x range, but after running ettercap, Wireshark and Cain & Abel I detect another range at 172.16.99.x; this is the one I’m most interested in.
I have a rack server with dual NICs and 400GB of storage {more available via USB if needed} to store all captured packets. I’ve designed the basic lab as below, using streaker69's post on the China attacks as a guide {streaker69, thanks again for posting that design layout}.







Now the question is: should I just run ettercap with ARP poisoning on NIC1, or should I run either tcpdump or Wireshark via NIC2 on the server to capture all packets, or is this overkill?


Notes:
The 2nd router that the PC and laptop are connected to is a WRT54GS running DD-WRT.

The image was done before connecting any of the gear, so that's why the IP on the RED is wrong :?