Can this be done? Diagnostic Tool

Discussion in 'Linux Networking' started by Curt Bousquet, Nov 20, 2004.

  1. Here is what I would like to build:

    A linux box with two interfaces that I could drop into any
    network, for example between the router and the switch, without
    needing to make any addressing changes.

    Once in place, I'd like to be able to use software like
    ethereal, GKrellm, MRTG or other traffic monitoring software to
    watch traffic by port, type, destination or source address, etc,
    etc, etc in realtime so I can monitor bandwidth usage and types
    of traffic at that point in the network.

    Just plugging a box into the switch wouldn't work, since I want
    to see ALL the traffic, not just stuff addressed to the boxe's
    interface or broadcast traffic...

    I've seen some devices that can be configured with
    'transparant' IP addressing so traffic passes right through. How
    would I do this on, for instance, a Fedora box? Is there some
    kind of project that already exists that gives this kind of
    functionality?

    Thanks for any pointers.
     
    Curt Bousquet, Nov 20, 2004
    #1
    1. Advertisements

  2. Curt Bousquet

    IANAL_VISTA Guest

    Something tells me you have more curiosity than actual networking
    knowledge.

    Not that many years ago, many folks used hubs (before switches got cheap).
    The downside of a hub is that everything plugged into it saw the same
    collection of packets.
    Now if you had one of these hubs and plugged into it your Linux box,
    a cable going to the router, and a cable going to the switch, you could
    place your single NIC into promiscuous read mode & see EVERY packet that
    passes between the router & the switch.

    I do believe this is an easier solution than what you proposed.
     
    IANAL_VISTA, Nov 20, 2004
    #2
    1. Advertisements

  3. Curt Bousquet

    James Knott Guest

    You can use a hub, between the router and switch, though it would cost you
    full duplex and depending on hub, drop you to 10 Mb. Also, some switches
    have a monitoring port.
     
    James Knott, Nov 20, 2004
    #3
  4. Curt Bousquet

    Vilmos Soti Guest

    You need an ethernet bridge. It is essentially having a computer
    with two NICs. They don't have IP addresses, but the traffic
    is forwarded between them. Then you can monitor the traffic.

    Vilmos
     
    Vilmos Soti, Nov 20, 2004
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.