  1. #1

    Capture and log all LAN traffic - no access to router or firewall

    Hello there,

    I am looking for a solution for our LAN traffic monitoring and would like to use some opensource linux application.
    I have a linux box with two NIC cards and what I thought is the following:

    Our setup is as follows. Internet comes in through the router and into the firewall. From the firewall it goes into our switch and distributed among the workstations.
    I have no access to the router or the firewall as they are centrally configured. I would like to place a device into the loop through which I could monitor the LAN traffic.

    Can I put a linux box between the firewall and the switch and have all packets going through registered and logged? I have a proxy server (non transparent) and that captures some but not all. I would like to get all packets registered without interfering with the LAN etc.

    Thanks for any help,


  2. #2
    Linux Engineer b2bwild's Avatar
    Join Date
    Jul 2008
    Behind You!
    Well, it's quite confusing.
    You want to monitor internet traffic or LAN traffic?

    I guess you mean traffic to public domain from your private domain.

    Yes. You can put a linux box having 2 NICs, between firewall and router.
    In that way you can log the traffic you want.

  3. #3
    Linux Engineer rcgreen's Avatar
    Join Date
    May 2006
    the hills


    It depends on whether you are wanting to monitor only the traffic to and from the internet, or that between computers on the LAN.

    Simply putting a computer between the firewall and the switch would enable monitoring of all traffic in and out of the LAN, but not between the individual computers.

    Doing that involves a hacking technique called arp spoofing. It alters the behavior of the switch in order to give one of the attached computers access to traffic that otherwise would be segregated to the others. Don't play with it unless you own the network or have explicit permission from the owner. You can wind up disrupting things big time.

  5. #4

    Sorry for being ambiguous, but your assumption is right. I want to monitor LAN to Internet traffic and vice versa.

    Basically now with my Squid proxy I am capturing all traffic that goes out on port 80, 21, 443 etc but I am not capturing the P2P traffic etc.

    I have the linux box built and I can just put it between the switch and firewall. I do not need to know what goes on in our LAN, only what goes out and what comes in.

    Thanks for any help,
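The inline setup discussed in posts #3 and #4 (a two-NIC Linux box cabled between the firewall and the switch, recording everything that crosses it) can be done with a transparent bridge and tcpdump. The script below is an added example, not code from the thread or its participants. It assumes iproute2 and tcpdump are installed, that `eth0` faces the switch and `eth1` faces the firewall, and uses `br0` and `/var/log/lan-capture` as placeholder names; all four can be overridden through environment variables. It defaults to a dry run that only prints the commands, so the plan can be reviewed before it is applied as root with `DRY_RUN=0`.

```shell
#!/bin/sh
# Added example: build a transparent bridge between the firewall-side and
# switch-side NICs, then capture every frame crossing it into a rotating ring
# of pcap files. Interface, bridge and directory names are assumptions.
set -eu

LAN_IF="${LAN_IF:-eth0}"                   # assumed: NIC cabled to the switch
WAN_IF="${WAN_IF:-eth1}"                   # assumed: NIC cabled to the firewall
BR="${BR:-br0}"                            # assumed bridge name
CAP_DIR="${CAP_DIR:-/var/log/lan-capture}" # assumed capture directory
FILE_MB="${FILE_MB:-100}"                  # size of each pcap before rotation
FILE_COUNT="${FILE_COUNT:-50}"             # ring size: 50 x 100 MB = 5 GB on disk
DRY_RUN="${DRY_RUN:-1}"                    # 1 = print the commands, 0 = execute them

# Every privileged command goes through run(), so with DRY_RUN=1 the whole
# plan is printed for review instead of touching the network.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Create the bridge and enslave both NICs. No IP address is assigned to the
# bridge: the box is invisible on the wire and only forwards frames.
bridge_up() {
  run ip link add name "$BR" type bridge
  run ip link set "$LAN_IF" master "$BR"
  run ip link set "$WAN_IF" master "$BR"
  run ip link set "$LAN_IF" promisc on
  run ip link set "$WAN_IF" promisc on
  run ip link set "$LAN_IF" up
  run ip link set "$WAN_IF" up
  run ip link set "$BR" up
}

# The tcpdump invocation as a single line: full packets (-s 0), no name
# resolution (-nn), rotate at FILE_MB million bytes into a ring of FILE_COUNT
# files (-C/-W), and drop root after opening the interface (-Z nobody).
capture_cmd() {
  printf 'tcpdump -i %s -nn -s 0 -w %s/lan.pcap -C %s -W %s -Z nobody' \
    "$BR" "$CAP_DIR" "$FILE_MB" "$FILE_COUNT"
}

# Prepare the capture directory (tcpdump writes as 'nobody' after -Z) and
# start capturing on the bridge in the foreground.
capture_start() {
  run mkdir -p "$CAP_DIR"
  run chown nobody "$CAP_DIR"
  # shellcheck disable=SC2046  # intentional word splitting of the command line
  run $(capture_cmd)
}

# Tear the bridge down again; the NICs return to their unbridged state.
bridge_down() {
  run ip link set "$LAN_IF" nomaster
  run ip link set "$WAN_IF" nomaster
  run ip link set "$LAN_IF" promisc off
  run ip link set "$WAN_IF" promisc off
  run ip link delete "$BR" type bridge
}

case "${1:-up}" in
  up)   bridge_up; capture_start ;;
  down) bridge_down ;;
  *)    echo "usage: $0 [up|down]" >&2; exit 2 ;;
esac
```

Two things worth knowing before cabling this in. First, an inline bridge is a single point of failure: if the box reboots or a NIC driver hangs, the whole LAN loses its path to the firewall, so if the switch offers a mirror (SPAN) port or a passive tap is available, capturing from that is safer than sitting in the path. Second, the box captures only what transits that one link, which matches the stated goal (LAN to Internet and back) but not station-to-station traffic on the switch, exactly as rcgreen describes. Keep the pcap ring on a disk that can absorb the line rate, and read the files back with `tcpdump -r` or Wireshark rather than trying to log per-packet text, which does not keep up.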

