Find the answer to your Linux question:
Results 1 to 5 of 5
Is it possible to turn off the transmission functionality of a NIC on a Linux box without disabling the receiving functionality? Basically, I want to troubleshoot a networking line by ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Apr 2009
    Posts
    12

    Linux box as a port sniffer


    Is it possible to turn off the transmission functionality of a NIC on a Linux box without disabling the receiving functionality? Basically, I want to troubleshoot a networking line by running Wireshark on the Linux box without the Linux box adding any extra traffic to the line. I need it to listen but not transmit. I have a cat5 splitter (true 1-to-1 mapping on all 8 pins) that I would use to split the signal on the ethernet cable into my Linux box.

    Thanks,
    Dan

  2. #2
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,752
    Remove the transmit pin...clip the CAT5/attach an RJ45 head.

  3. #3
    Just Joined!
    Join Date
    Apr 2009
    Posts
    12
    Clever idea...

    Although, wouldn't the NIC still attempt to transmit and thus add extra traffic to the Wireshark log? I suppose I could easily filter those messages out of Wireshark.

  4. #4
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,752
    The NIC is "up" or "down" as far as the kernel is concerned. Without writing a custom driver, I don't think you're going to get that functionality at the kernel/driver level.

    ** A *Nix machine is typically very quiet on a network - not like a Windows system. The machine will only respond to queries to it. Since it can't send, no other machine will know it's on the network and thus will not be sending it queries. Obviously, the system is also not running a service that would respond to broadcasts (DHCP server, PXE, etc.) I would only expect the machine to "try" and respond to typical multicast requests - and that volume would depend on what else is on the network and what it is doing.

    Edit: Oh, the NIC can also be "up'ed" but not have an IP address. This will mean it cannot respond to IP traffic. Other traffic will be possible though.

  5. #5
    Just Joined!
    Join Date
    Apr 2009
    Posts
    12
    Understood.

    I think I'll try your idea of clipping the transmit pin. And then just have Wireshark filter out any traffic from the NIC. Thanks for your help!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •