  1. #1
    Just Joined!
    Join Date
    Jan 2007
    Posts
    2

    Capture and log all LAN traffic - no access to router or firewall


    Hello there,

    I am looking for a solution for our LAN traffic monitoring and would like to use some opensource linux application.
    I have a linux box with two NIC cards and what I thought is the following:

    Our setup is as follows. Internet comes in through the router and into the firewall. From the firewall it goes into our switch and distributed among the workstations.
    I have no access to the router or the firewall as they are centrally configured. I would like to place a device into the loop through which I could monitor the LAN traffic.

    Can I put a linux box between the firewall and the switch and have all packets going through registered and logged? I have a proxy server (non transparent) and that captures some but not all. I would like to get all packets registered without interfering with the LAN etc.

    Thanks for any help,

    Ben

  2. #2
    Linux Engineer b2bwild's Avatar
    Join Date
    Jul 2008
    Location
    Behind You!
    Posts
    1,108
    Well, it's quite confusing.
    Do you want to monitor internet traffic or LAN traffic?

    I guess you mean traffic to public domain from your private domain.

    Yes, you can put a Linux box with 2 NICs between the firewall and the router.
    That way you can log the traffic you want.
    Never make any misteaks.


  3. #3
    Linux Engineer rcgreen's Avatar
    Join Date
    May 2006
    Location
    the hills
    Posts
    1,134


    It depends on whether you are wanting to monitor
    only the traffic to and from the internet, or that between
    computers on the LAN.

    Simply putting a computer between the firewall and the switch
    would enable monitoring of all traffic in and out of the LAN, but
    not between the individual computers.

    Doing that involves a hacking technique called arp spoofing.
    It alters the behavior of the switch in order to give one of the
    attached computers access to traffic that otherwise would be segregated
    to the others. Don't play with it unless you own the network
    or have explicit permission from the owner. You can wind up
    disrupting things big time.
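Building the inline box rcgreen describes as a transparent Layer-2 bridge, as an added example that is not part of this thread: the script assumes the NIC names eth0 (firewall side) and eth1 (switch side), the bridge name br0 and the capture directory /var/log/lancap, all overridable by environment variables, and uses only iproute2 and tcpdump. The bridge gets no IP address and STP is off, so the box forwards frames without announcing itself on the wire.

```shell
#!/bin/sh
# Inline capture box as a transparent bridge (added example; not from this thread).
# Assumed names: eth0 = firewall side, eth1 = switch side, br0 = bridge,
# /var/log/lancap = capture directory. Override via environment. Needs root.
# DRY_RUN=1 prints the commands instead of running them (check NIC names first).

OUTSIDE=${OUTSIDE:-eth0}
INSIDE=${INSIDE:-eth1}
BRIDGE=${BRIDGE:-br0}
CAPDIR=${CAPDIR:-/var/log/lancap}

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Create the bridge with no IP address and STP off: the box neither answers on
# the wire nor injects BPDUs toward the switch, it only forwards and copies frames.
bridge_up() {
    run ip link add name "$BRIDGE" type bridge
    run ip link set dev "$BRIDGE" type bridge stp_state 0
    run ip link set dev "$OUTSIDE" master "$BRIDGE"
    run ip link set dev "$INSIDE" master "$BRIDGE"
    run ip link set dev "$OUTSIDE" up
    run ip link set dev "$INSIDE" up
    run ip link set dev "$BRIDGE" up
}

bridge_down() {
    run ip link set dev "$BRIDGE" down
    run ip link del dev "$BRIDGE"
}

# tcpdump on the bridge interface sees every frame crossing it in both directions.
# -s 96 keeps headers only (enough for a connection log); use -s 0 for full payloads.
# -G 3600 rotates the file hourly; strftime() escapes in the -w name are expanded.
capture_cmd() {
    echo "tcpdump -i $BRIDGE -n -s 96 -G 3600 -w $CAPDIR/lan-%Y%m%d-%H%M.pcap"
}

case "${1:-}" in
    start)
        bridge_up
        run mkdir -p "$CAPDIR"
        # unquoted on purpose: split the command string into words for run()
        run $(capture_cmd)
        ;;
    stop)
        bridge_down
        ;;
esac
```

Run it as `./capture.sh start` on the box once both cables are in place; `DRY_RUN=1 ./capture.sh start` first shows exactly what it will execute. Because the bridge has no address, the box is unreachable through it, so manage it from the console or a third NIC. Cabling it in still interrupts the link for the few seconds it takes to plug in, so do it in a maintenance window.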

  4. #4
    Just Joined!
    Join Date
    Jan 2007
    Posts
    2
    Hi,

    Sorry for being ambiguous, but your assumption is right. I want to monitor LAN to Internet traffic and vice versa.

    Basically now with my Squid proxy I am capturing all traffic that goes out on port 80, 21, 443 etc but I am not capturing the P2P traffic etc.

    I have the linux box built and I can just put it between the switch and firewall. I do not need to know what goes on in our LAN, only what goes out and what comes in.

    Thanks for any help,

    Ben
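To show what a capture from that inline box gives you that the Squid logs do not, an added example that is not part of this thread: a pcap reader that turns each IPv4 TCP/UDP frame into a connection-log entry tagged as LAN to Internet or Internet to LAN. It assumes a LAN prefix of 192.168.1.0/24 (set `LAN_NETS` to your own) and parses the classic pcap format tcpdump writes with `-w`; the sample capture is constructed in code using documentation address ranges, so it runs offline. Every port shows up, so the P2P flows the proxy never sees appear beside the web traffic.

```python
"""Connection log from an inline-bridge capture (added example, not from this thread).

Reads a classic pcap file (as written by tcpdump -w), extracts the IPv4/TCP/UDP
5-tuple from every frame, and tags it "out" (LAN -> Internet) or "in"
(Internet -> LAN) relative to an assumed LAN prefix. The sample capture below is
constructed in code; the addresses are documentation ranges, not real hosts.
"""
import ipaddress
import struct
from collections import Counter

LAN_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # assumed LAN prefix; set to your own
PROTO_NAMES = {6: "tcp", 17: "udp"}
PCAP_MAGIC_LE = 0xA1B2C3D4


def iter_packets(data):
    """Yield (ts_sec, frame_bytes) from a classic pcap file held in memory."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == 0xA1B2C3D4:
        end = "<"          # file written little-endian
    elif magic == 0xD4C3B2A1:
        end = ">"          # file written big-endian
    else:
        raise ValueError("not a classic pcap file")
    (linktype,) = struct.unpack_from(end + "I", data, 20)
    if linktype != 1:
        raise ValueError("expected an Ethernet (DLT_EN10MB) capture")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from(end + "IIII", data, off)
        off += 16
        yield ts_sec, data[off:off + incl_len]
        off += incl_len


def parse_frame(frame):
    """Return (src, dst, proto, sport, dport) for IPv4 frames, None for anything else (ARP, IPv6...)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src = str(ipaddress.IPv4Address(frame[26:30]))
    dst = str(ipaddress.IPv4Address(frame[30:34]))
    l4 = 14 + ihl
    if proto in PROTO_NAMES and len(frame) >= l4 + 4:
        sport, dport = struct.unpack_from("!HH", frame, l4)
    else:
        sport = dport = None     # ICMP, or a fragment carrying no transport header
    return src, dst, proto, sport, dport


def direction(src, dst):
    """Classify relative to the LAN; on an inline bridge only "in" and "out" should appear."""
    s = any(ipaddress.IPv4Address(src) in n for n in LAN_NETS)
    d = any(ipaddress.IPv4Address(dst) in n for n in LAN_NETS)
    if s and not d:
        return "out"
    if d and not s:
        return "in"
    return "lan" if s else "other"


def connection_log(pcap_bytes):
    """Count packets per (direction, proto, src, sport, dst, dport)."""
    counts = Counter()
    for _ts, frame in iter_packets(pcap_bytes):
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src, dst, proto, sport, dport = parsed
        key = (direction(src, dst), PROTO_NAMES.get(proto, str(proto)), src, sport, dst, dport)
        counts[key] += 1
    return counts


# --- constructed sample input (test data, not a real capture) -----------------
def build_frame(src, dst, proto, sport, dport):
    """Minimal Ethernet/IPv4/TCP-or-UDP frame with zero checksums."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + l4


def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap file, as tcpdump -w would write it."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f
    return out


SAMPLE_PCAP = build_pcap([
    build_frame("192.168.1.10", "198.51.100.9", 6, 51000, 80),   # web: the proxy sees this too
    build_frame("192.168.1.10", "198.51.100.9", 6, 51000, 80),
    build_frame("192.168.1.22", "203.0.113.7", 6, 6881, 6881),   # BitTorrent-style port, invisible to the proxy
    build_frame("203.0.113.7", "192.168.1.22", 17, 6881, 6881),  # inbound UDP from the peer
])

if __name__ == "__main__":
    for key, n in sorted(connection_log(SAMPLE_PCAP).items(), key=str):
        d, proto, src, sport, dst, dport = key
        print(f"{d:5} {proto:3} {src}:{sport} -> {dst}:{dport} packets={n}")
```

Point it at a real file with `connection_log(open("lan-20080701-1200.pcap", "rb").read())`; with `-s 96` headers are intact, so the same parser works on rotated hourly files. The "lan" tag is there as a sanity check: if it ever appears in a capture from the bridge, the box is not where you think it is in the path.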
