  1. #1
    Banned
    Join Date
    Dec 2002
    Location
    Texas
    Posts
    242

    Transparent Traffic Sniffing


    Let's assume I throw in a multiple port Ethernet card
    into my Linux box -- beyond the interface I use now.
    Would there be any software that I could use to put
    the two interfaces inline with an existing cable run to
    transparently gather packets on the wire? Since I do
    not have a hub or managed switch that I can use for
    doing the normal port monitoring setup. NICs are not
    expensive, so it should be a quick/easy solution if the
    software exists for doing such a configuration.

  2. #2
    Linux Guru anomie
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692
    If traffic passes through either interface (proxy server / NAT) you can capture packets using tcpdump or wireshark.

    Since I do
    not have a hub or managed switch that I can use for
    doing the normal port monitoring setup.
    What are you monitoring for? There may be a better solution.

  3. #3
    Banned
    Join Date
    Dec 2002
    Location
    Texas
    Posts
    242
    Quote Originally Posted by anomie View Post
    If traffic passes through either interface (proxy server / NAT) you can capture packets using tcpdump or wireshark.
    The traffic is passing between two standalone devices.
    Neither is Windows or Linux, so I can't login for sniffing.

    Quote Originally Posted by anomie View Post
    What are you monitoring for? There may be a better solution.
    In this instance, I want to watch the packets coming in
    from a cable modem to the router. There is debate on
    whether the packets are even arriving at the router or if
    the router is actually dropping / ignoring them.

    And, yes, this is a dumb SOHO "router" so it's not a fancy
    device that I would be able to login and run debug logging.

  5. #4
    Linux Guru anomie
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692
    Then my advice is not going to apply. I don't know of any way for you to sniff traffic between a cable modem and a hardware router with your current setup.

    If you want to describe the problem symptoms further, maybe someone can help.

  6. #5
    Banned
    Join Date
    Dec 2002
    Location
    Texas
    Posts
    242
    Quote Originally Posted by anomie View Post
    Then my advice is not going to apply. I don't know of any way for you to sniff traffic between a cable modem and a hardware router with your current setup.
    In the interest of time, I think I'm going to just stick a
    laptop between the modem and router, attempt making
    my connection and sniff the incoming packets. Although
    I would still be interested to hear from anyone that may
    have a suggestion for an "inline" sniffing configuration in
    the event I need to do this in a situation where it's not
    as easy as swapping out the machines.

    Quote Originally Posted by anomie View Post
    If you want to describe the problem symptoms further, maybe someone can help.
    I'm trying to set up a VPN server from a commodity device.
    The client says there's no incoming packets, so I'm trying
    to verify the packets are reaching the router and that it's
    not the router that's malfunctioning.

    Although a router malfunctioning will be easier to resolve
    than trying to convince the ISP to open any ports they're
    blocking...
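
An added example, not posted by either participant in the thread: one common way to get the "inline" setup asked about above is a Linux bridge with no IP address across the two extra NICs, with tcpdump listening on the bridge. The interface names (eth1 toward the modem, eth2 toward the router), the bridge name br0, the output file and the capture filter are assumptions; the script only acts when APPLY=1 is set and is otherwise a dry run.

```sh
#!/bin/sh
# Added example (constructed): inline capture box built from a Linux bridge.
# Assumed names: eth1 = modem side, eth2 = router side, br0 = bridge.
# The existing interface (e.g. eth0) stays out of the bridge for management.

# Print the commands that build an address-less bridge from two NICs.
bridge_plan() {
    a=$1; b=$2; br=${3:-br0}
    if [ -z "$a" ] || [ -z "$b" ] || [ "$a" = "$b" ]; then
        echo "need two different interfaces" >&2
        return 1
    fi
    echo "ip link add name $br type bridge"
    echo "ip link set dev $br type bridge stp_state 0"    # STP off: no BPDUs sent
    echo "sysctl -w net.ipv6.conf.$br.disable_ipv6=1"     # no IPv6 autoconfig from the bridge
    for nic in "$a" "$b"; do
        echo "ip addr flush dev $nic"                      # no IP address on the tap ports
        echo "ip link set dev $nic master $br"
        echo "ip link set dev $nic up"
    done
    echo "ip link set dev $br up"
}

# Print the tcpdump command; the filter is a placeholder the caller supplies.
capture_plan() {
    br=${1:-br0}; out=${2:-inline.pcap}; filter=$3
    echo "tcpdump -n -e -i $br -w $out $filter"
}

# Dry run by default; set APPLY=1 (as root) to execute the bridge commands.
if [ "${APPLY:-0}" = "1" ]; then
    bridge_plan "${IF_A:-eth1}" "${IF_B:-eth2}" br0 | sh -e
    capture_plan br0 inline.pcap "${FILTER:-}"
fi
```

Frames seen on br0 are the ones that actually crossed the cable between the two devices, so an empty capture for the VPN traffic means the packets never arrived from the modem side.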
