Sniffing before the firewall

I've an ubuntu laptop with two network cards. One network card is
connected to a switch behind a firewall, the other i want to connect to
a hub that I have installed between the firewall and the switch. I
want to use ethereal to sniff the traffic on the network through the
Hub, but the second network card does not take to an ip address.
The network looks like this:

Internet------>cable modem ----->Firewall------->Hub------>Switch------>Network

If have tried putting the card into promiscious mode and but it does
not connect? Where should I start looking to troubleshoot? Thanks.

On Sun, 16 Apr 2006, in the Usenet newsgroup comp.os.linux.networking, in
article <2006041614274716807-wrightplace2305@gmailcom>, Sebastian wrote:

>I've an ubuntu laptop with two network cards.

You have an unidentified laptop running Ubuntu, that has two unidentified
Ethernet interfaces.

>One network card is connected to a switch behind a firewall, the other i
>want to connect to a hub that I have installed between the firewall and
>the switch.

OK - fairly common use

>I want to use ethereal to sniff the traffic on the network through the
>Hub, but the second network card does not take to an ip address.

What happens? Does the computer catch on fire?

>If have tried putting the card into promiscious mode and but it does
>not connect? Where should I start looking to troubleshoot?

Normally, give the sniffer interface a _static_ RFC3330 address such as
"192.0.2.x" and tell your sniffer to NOT look up hostnames. Give more
details, and you might get additional assistance.

Old guy

Thanks for responding.

On 2006-04-17 20:12:43 -0400, (E-Mail Removed) (Moe Trin) said:

> On Sun, 16 Apr 2006, in the Usenet newsgroup comp.os.linux.networking, in
> article <2006041614274716807-wrightplace2305@gmailcom>, Sebastian wrote:
>
>> I've an ubuntu laptop with two network cards.

Its an HP N5475 with Ubuntu 5.10 installed and one internal card and
one netgear MA 510 or 310 can't remember which. When I connect either
card to the switch, and configure a static ip address, both cards work.

>
> You have an unidentified laptop running Ubuntu, that has two unidentified
> Ethernet interfaces.
>
>> One network card is connected to a switch behind a firewall, the other i
>> want to connect to a hub that I have installed between the firewall and
>> the switch.
>
> OK - fairly common use
>
>> I want to use ethereal to sniff the traffic on the network through the
>> Hub, but the second network card does not take to an ip address.

When I connect the Netgear card to the hub instead of the switch, the
light on card does not come on and the light on the hub does not come
on. When I try to sniff the ethereal traffic i get no captured packets
on the netgear interface. No fires It does capture packets on the
interface connected to the switch.
>
> What happens? Does the computer catch on fire?
>
>> If have tried putting the card into promiscious mode and but it does
>> not connect? Where should I start looking to troubleshoot?
>
> Normally, give the sniffer interface a _static_ RFC3330 address such as
> "192.0.2.x" and tell your sniffer to NOT look up hostnames. Give more
> details, and you might get additional assistance.

This is what i think that i did. i gave the netgear a static address
of 192.168.1.16, a subnet mask of 255.255.255.0 and no route to gateway
and put the card into promiscious mode. I then told ethereal to
capture packets, but received nothing.



>
> Old guy

On Tue, 18 Apr 2006, in the Usenet newsgroup comp.os.linux.networking, in
article <2006041806340975249-wrightplace2305@gmailcom>, Sebastian wrote:

>Its an HP N5475 with Ubuntu 5.10 installed and one internal card and
>one netgear MA 510 or 310 can't remember which. When I connect either
>card to the switch, and configure a static ip address, both cards work.

OK - I can't identify either the MA 310 or MA 510. Is everything running
at 10BaseT half duplex? That's all a hub is going to be able to work with.

>When I connect the Netgear card to the hub instead of the switch, the
>light on card does not come on and the light on the hub does not come
>on. When I try to sniff the ethereal traffic i get no captured packets
>on the netgear interface.

If you give a command SUCH AS

/sbin/ifconfig eth0 192.0.2.2 netmask 255.255.255.0

and then

/sbin/ifconfig eth0

do you see the card? Is it seeing ANY indication of packets counts or errors?

>No fires It does capture packets on the interface connected to the switch.

That's a standard question when someone says "it doesn't work"

>This is what i think that i did. i gave the netgear a static address
>of 192.168.1.16, a subnet mask of 255.255.255.0 and no route to gateway
>and put the card into promiscious mode. I then told ethereal to
>capture packets, but received nothing.

That sounds OK, although I don't have ethereal on this box to check. With
the more common 'tcpdump', you don't need to use ifconfig to put the card
into promiscious mode - the application does it for you.

Old guy