software port monitoring ??

Hi,

I have two windows pc A and B
A : 10.0.0.1
B : 10.0.0.2

and one router (debian shorewall) C : 10.0.0.254

I want a copy of all traffic from B two A, how can i to that ???

news.free.fr wrote:
> Hi,
>
> I have two windows pc A and B
> A : 10.0.0.1
> B : 10.0.0.2
>
> and one router (debian shorewall) C : 10.0.0.254
>
> I want a copy of all traffic from B two A, how can i to that ???

Install tcpdump and/or Ethereal on either
Windows computer and tell it to capture
all the traffic between the computers.

--

Tauno Voipio
tauno voipio (at) iki fi

Tauno Voipio a écrit :
> news.free.fr wrote:
>
>> Hi,
>>
>> I have two windows pc A and B
>> A : 10.0.0.1
>> B : 10.0.0.2
>>
>> and one router (debian shorewall) C : 10.0.0.254
>>
>> I want a copy of all traffic from B two A, how can i to that ???
>
>
> Install tcpdump and/or Ethereal on either
> Windows computer and tell it to capture
> all the traffic between the computers.
>

|--------------| / Host A (win2K 10.0.0.1)
Internet -----| Routeur(deb) |----(Switch)
|--------------| \ Host B (win2K 10.0.0.2)


I want that the routeur, send two A a copy of all packet with ip of B.
is that possible ???

nomp.deb wrote:
> Tauno Voipio a écrit :
>
>> news.free.fr wrote:
>>
>>> Hi,
>>>
>>> I have two windows pc A and B
>>> A : 10.0.0.1
>>> B : 10.0.0.2
>>>
>>> and one router (debian shorewall) C : 10.0.0.254
>>>
>>> I want a copy of all traffic from B two A, how can i to that ???
>>
>>
>>
>> Install tcpdump and/or Ethereal on either
>> Windows computer and tell it to capture
>> all the traffic between the computers.
>>
>
> |--------------| / Host A (win2K 10.0.0.1)
> Internet -----| Routeur(deb) |----(Switch)
> |--------------| \ Host B (win2K 10.0.0.2)
>
>
> I want that the routeur, send two A a copy of all packet with ip of B.
> is that possible ???

Are you interested in traffic from A to B, or
traffic from A or B to/from the Internet?

If you're interested in the Internet traffic,
you can install the tools at the router and
tell to capture the traffic for the host
of interest.

You do not need to duplicate packets, they
can be caught at the router and the trace
can be examined at any of the workstations,
if you can move the file there, using e.g.
Winscp.

--

Tauno Voipio
tauno voipio (at) iki fi

Tauno Voipio a écrit :
> nomp.deb wrote:
>
>> Tauno Voipio a écrit :
>>
>>> news.free.fr wrote:
>>>
>>>> Hi,
>>>>
>>>> I have two windows pc A and B
>>>> A : 10.0.0.1
>>>> B : 10.0.0.2
>>>>
>>>> and one router (debian shorewall) C : 10.0.0.254
>>>>
>>>> I want a copy of all traffic from B two A, how can i to that ???
>>>
>>>
>>>
>>>
>>> Install tcpdump and/or Ethereal on either
>>> Windows computer and tell it to capture
>>> all the traffic between the computers.
>>>
>>
>> |--------------| / Host A (win2K 10.0.0.1)
>> Internet -----| Routeur(deb) |----(Switch)
>> |--------------| \ Host B (win2K 10.0.0.2)
>>
>>
>> I want that the routeur, send two A a copy of all packet with ip of B.
>> is that possible ???
>
>
> Are you interested in traffic from A to B, or
> traffic from A or B to/from the Internet?
>
> If you're interested in the Internet traffic,
> you can install the tools at the router and
> tell to capture the traffic for the host
> of interest.
>
> You do not need to duplicate packets, they
> can be caught at the router and the trace
> can be examined at any of the workstations,
> if you can move the file there, using e.g.
> Winscp.
>

I 'am interested in traffic from B with internet, But I need this
traffic on A.

On Sat, 08 Jan 2005 17:36:35 +0100, nomp.deb <(E-Mail Removed)> wrote:
> Tauno Voipio a écrit :
>> news.free.fr wrote:
>>
>>> Hi,
>>>
>>> I have two windows pc A and B
>>> A : 10.0.0.1
>>> B : 10.0.0.2
>>>
>>> and one router (debian shorewall) C : 10.0.0.254
>>>
>>> I want a copy of all traffic from B two A, how can i to that ???
>>
>>
>> Install tcpdump and/or Ethereal on either
>> Windows computer and tell it to capture
>> all the traffic between the computers.
>>
>
> |--------------| / Host A (win2K 10.0.0.1)
> Internet -----| Routeur(deb) |----(Switch)
> |--------------| \ Host B (win2K 10.0.0.2)
>
>
> I want that the routeur, send two A a copy of all packet with ip of B.
> is that possible ???

If you want to monitor traffic between A & B you would need one of:
- A sniffer on one of the Win boxes.
- A hub (which is half-duplex) instead of switch, so router could sniff.
- Route them through separate nics on the Linux box and log with iptables.

David Efflandt a écrit :
> On Sat, 08 Jan 2005 17:36:35 +0100, nomp.deb <(E-Mail Removed)> wrote:
>
>>Tauno Voipio a écrit :
>>
>>>news.free.fr wrote:
>>>
>>>
>>>>Hi,
>>>>
>>>>I have two windows pc A and B
>>>>A : 10.0.0.1
>>>>B : 10.0.0.2
>>>>
>>>>and one router (debian shorewall) C : 10.0.0.254
>>>>
>>>>I want a copy of all traffic from B two A, how can i to that ???
>>>
>>>
>>>Install tcpdump and/or Ethereal on either
>>>Windows computer and tell it to capture
>>>all the traffic between the computers.
>>>
>>
>> |--------------| / Host A (win2K 10.0.0.1)
>>Internet -----| Routeur(deb) |----(Switch)
>> |--------------| \ Host B (win2K 10.0.0.2)
>>
>>
>>I want that the routeur, send two A a copy of all packet with ip of B.
>>is that possible ???
>
>
> If you want to monitor traffic between A & B you would need one of:
> - A sniffer on one of the Win boxes.
> - A hub (which is half-duplex) instead of switch, so router could sniff.
> - Route them through separate nics on the Linux box and log with iptables.


Yes thanks, but I know that i can do what i want with a HUB. But I can't
change that.

nomp.deb wrote:
>
> I 'am interested in traffic from B with internet, But I need this
> traffic on A.
>

For statistics, install ntop on the router,
set it to fillow the traffic from/to B,
and look at the results from A.

If you cannot install a hub nor a
sniffer cable with a separate hub,
you have to collect the traffic in
the router.

Please note that the kind of sniffing
you're interested in may be illegal.

--

Tauno Voipio
tauno voipio (at) iki fi

Tauno Voipio wrote:
> news.free.fr wrote:
>
>> Hi,
>>
>> I have two windows pc A and B
>> A : 10.0.0.1
>> B : 10.0.0.2
>>
>> and one router (debian shorewall) C : 10.0.0.254
>>
>> I want a copy of all traffic from B two A, how can i to that ???
>
>
> Install tcpdump and/or Ethereal on either
> Windows computer and tell it to capture
> all the traffic between the computers.

Or if he wants to aggregate the traffic for snort or the like
then he needs a switch with a spam port to repplicate all the
traffic.


--

Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
(E-Mail Removed)
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"