[PLUG] setting up a network tap

Chad V on 16 Dec 2008 11:37:25 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] setting up a network tap

From: "Chad V" <csv@gamebox.net>

To: PLUG <plug@lists.phillylinux.org>

Subject: [PLUG] setting up a network tap

Date: Tue, 16 Dec 2008 14:37:19 -0500

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

I'm looking for some ideas on performing a network tap to capture all or certain traffic on a LAN using Wireshark and time is at a premium. The LAN is setup like this: internal network ------ unmanaged switch--------FiOS router------- internet internal network ------ unmanaged switch-----------| I want to be able to grab all the LAN <---> Internet traffic, but don't want to take over router / firewall duties for the network. I think the best idea would be a mirror port on a swtich, but I don't have access to any managed switches. My 2nd idea was to plug the switches, router and linux PC into a hub and run the PC in promiscuous mode. I found an old 10 Mbps hub, but no power cord and I don't want to bottleneck the network connection. I'm supposed to find out what's wrong, not cause more problems. My next idea is to plug the 1 unmanaged switch into the other, then run a cable to NIC-1 on linux pc, then run cable from NIC-2 to router. I believe this qualifies as a bridge. The server would just be capturing traffic via wireshark and monitoring bandwidth used per device with ntop. PC & VoIP phone network ------------------- unmanaged switch-----NIC1-----linux pc-----NIC2------FiOS router ------- internet PC & VoIP phone network ----- unmanaged switch----| Using google, I found this article on building a transparent bridge with he ability to monitor traffic and I'll be following it later. http://www.faqs.org/docs/Linux-HOWTO/Ethernet-Bridge-netfilter-HOWTO.html http://www.icewalkers.com/Linux/Howto/Ethernet-Bridge-netfilter-HOWTO.html http://wiki.wireshark.org/CaptureSetup/Ethernet http://wiki.wireshark.org/CaptureSetup/NetworkInterfaces My questions to the group are thus: 1. Are there any better ways to do it other than what I mentioned? 2. What software would you use? 3. I'm pretty sure the 300 MHz, 128 MB ram, 300 GB hard drive system is good enough to capture 1 business day worth of traffic for a LAN with 8 PC's and 8 VoIP phones with light usage patterns. Do you agree? Thanks for any help! Chad ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:

Re: [PLUG] setting up a network tap
From: "Alex Valentine" <asv@ivoss.com>

Re: [PLUG] setting up a network tap
From: jeff <jeffv@op.net>

Re: [PLUG] setting up a network tap
From: sean finney <seanius@seanius.net>

Re: [PLUG] setting up a network tap
From: "James Barrett" <jadoba@jadoba.net>

Prev by Date: [PLUG] debugging firefox extensions

Next by Date: Re: [PLUG] setting up a network tap

Previous by thread: Re: [PLUG] debugging firefox extensions

Next by thread: Re: [PLUG] setting up a network tap

Index(es):

Date

Thread