Capture and log all LAN traffic - no access to router or firewall

Hello there,

I am looking for a solution for our LAN traffic monitoring and would like to use some opensource linux application.
I have a linux box with two NIC cards and what I thought is the following:

Our setup is as follows. Internet comes in through the router and into the firewall. From the firewall it goes into our switch and distributed among the workstations.
I have no access to the router or the firewall as they are centrally configured. I would like to place a device into the loop through which I could monitor the LAN traffic.

Can I put a linux box between the firewall and the switch and have all packets going through registered and logged? I have a proxy server (non transparent) and that captures some but not all. I would like to get all packets registered without interfering with the LAN etc.

Thanks for any help,

Ben

Well, It's quite confusing.
You want to monitor internet traffic or LAN traffic?

I guess you mean traffic to public domain from your private domain.

Yes. You can put a linux box having 2 NICs, between firewall and router.
In that way you can log the traffic you want.

It depends on whether you are wanting to monitor
only the traffic to and from the internet, or that between
computers on the LAN.

Simply putting a computer between the firewall and the switch
would enable monitoring of all traffic in and out of the LAN, but
not between the individual computers.

Doing that involves a hacking technique called arp spoofing.
It alters the behavior of the switch in order to give one of the
attached computers access to traffic that otherwise would be segregated
to the others. Don't play with it unless you own the network
or have explicit permission from the owner. You can wind up
disrupting things big time.
:cool:

Hi,

Sorry for being ambiguous, but your assumption is right. I want to monitor Lan to Internet traffic and vice versa.

Basically now with my Squip proxy I am captuirng all traffic that goes out on port 80, 21, 443 etc but I am not capturing the P2P traffic etc.

I have the linux box built and I can just put it between the switch and firewal. I do not need to know what goes on in our LAN, only what goes out and what comes in.

Thanks for any help,

Ben