There's no need to muck with iptables to make two ports into a switch.  This is 
done using a bridge interface.  Network Manager will even let you create a 
bridge (including running spanning tree) for any ports on the system.  It might 
not have the low latency of a dedicated hardware switch, but if traffic is 
only over a LAN it shouldn't be noticeable.  Just add Wireshark.

I do have a Cisco SG300 managed switch on my home network.  It offers both a 
command line and a web GUI for management.  It's similar enough to Cisco IOS 
that anyone who's used that should be comfortable.  Good specs on a lower cost 
switch and most of the features of the Cisco Catalyst enterprise switches.

On Tue, 15 Apr 2014 12:43:16 -0400
Tom Buskey <t...@buskey.name> wrote:

> For gigabit, there's no such thing as a hub.
> 
> You need a managed switch so you can create a mirror port.  Netgear makes
> an 8 port one that's ~ $100.  I think they have a 5 port version too.  It
> can also do vlan, 802.3ad (bond/trunk 2 ports together for faster
> throughput)
> 
> Splice the switch into your server & mirror to your sniffer port.  Run
> wireshark, tcpdump, snoop (Solaris?) on that port.  Filtering will probably
> be needed so you can keep up.
> 
> If you don't have a switch, you might be able to take a PC with 2 network
> ports and muck with iptables to make it into a switch.  You'll spend more
> in labor than on the switch.
> 
> On Mon, Apr 14, 2014 at 7:21 PM, Richard Kolb II <richard.k...@gmail.com> wrote:
> 
> > whatever happened to just plain old snoop?
> >
> >
> > On Mon, Apr 14, 2014 at 5:44 PM, Kevin D. Clark <kevin_d_cl...@comcast.net> wrote:
> >
> >>
> >> Joshua Judson Rosen writes:
> >>
> >> > "Michael ODonnell" writes:
> >> > >
> >> > > I don't know what your situation is but if there's a managed
> >> > > switch involved I believe that some of them can be rigged to
> >> > > echo traffic to one or more specified ports for analysis/debug.
> >> >
> >> > Mm. Good point. I don't think I have any managed switches on-hand;
> >> > any recommendations as to what I should get, if I go that route?
> >>
> >> The feature you'd want here is commonly called port mirroring or port
> >> spanning.
> >>
> >> More info here:
> >>
> >>   http://wiki.wireshark.org/CaptureSetup/Ethernet
> >>
> >>
> >> I do have a small word of advice:  it is generally useful when
> >> capturing traffic for analysis to come up with some sort of "capture
> >> filter" that limits the amount of traffic that you're going to end up
> >> with.  On a really busy link, this can make it a lot easier to analyze
> >> the traffic at a later time.
> >>
> >> Regards,
> >>
> >> --kevin
> >> --
> >> alumni.unh.edu!kdc / http://kdc-blog.blogspot.com/
> >> GnuPG: D87F DAD6 0291 289C EB1E 781C 9BF8 A7D8 B280 F24E
> >>
> >> And the Army Ants, they leave nothin' but the bones...
> >>    -- Tom Waits
> >> _______________________________________________
> >> gnhlug-discuss mailing list
> >> gnhlug-discuss@mail.gnhlug.org
> >> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
> >>
> >
> >
> >
> > --
> >
> > Richard Kolb II
> >
> >
> >
> >
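
The bridge setup described at the top of this message, combined with the capture-filter advice in the quoted replies, as an added example that is not part of the original thread. The interface names (eth1, eth2), bridge name (br0), pcap path and filter address are constructed assumptions; the functions only print the commands, so pipe the plan to a root shell to apply it.

```shell
#!/bin/sh
# Added example (not from the thread). eth1/eth2, br0, the pcap path and the
# filter below are constructed values; substitute your own.

# Print the iproute2 commands that join the given ports into one bridge.
# Usage: bridge_plan BRIDGE PORT PORT [PORT...]
bridge_plan() {
    if [ "$#" -lt 3 ]; then
        echo "bridge_plan: need a bridge name and at least two ports" >&2
        return 1
    fi
    br=$1
    shift
    # stp_state 0: a two-port inline tap has no loop, and leaving spanning
    # tree off avoids the listening/learning delay before frames are forwarded.
    echo "ip link add name $br type bridge stp_state 0"
    for port in "$@"; do
        echo "ip link set dev $port master $br"
        echo "ip link set dev $port up"
    done
    echo "ip link set dev $br up"
}

# Print a tcpdump command that writes only frames matching FILTER to PCAP.
# Capturing on a member port sees every frame that enters or leaves through it.
# Usage: capture_cmd IFACE PCAP FILTER
capture_cmd() {
    printf "tcpdump -i %s -n -s 0 -w %s '%s'\n" "$1" "$2" "$3"
}

# Dry run with the constructed names; nothing is changed on the system.
bridge_plan br0 eth1 eth2
capture_cmd eth1 /tmp/tap.pcap 'host 192.0.2.10 and tcp port 443'
```

To undo the setup, `ip link del dev br0` removes the bridge and releases its ports.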
