"James S. Kaplan" wrote:
> At 03:55 PM 1/19/2001, you wrote:
>
> > My idea is to build a dual nic'd linux box and connect it between
> >our top level switch and our wan router. With this setup I should be
> >able to see all of the network traffic that is traveling across the wan
> >link, right?
>
> You can place the Linux box anywhere on the network. To see traffic
> on a particular segment, just plug a nic into the segment's hub. Typically,
> a linux installation doesn't need multiple nics unless it's a firewall, router
> or secure server. Any nic, on a Linux box or not, can view traffic on its
> segment.
>
My problem is we are running full-duplex switches (a mix of BayStack 350-24Ts and
BayStack 70-24Ts). Since we are running a switched environment, I can only see the
data that is running between the linux box and the switch. Nothing else.
>
> > Now for my questions. Will this setup work? What will I have to
> >set up to forward the traffic from one nic to the other, and still have
> >ethereal see the traffic.
>
> You'll want to enable ipforwarding or make modules for ip_forward and
> ip_port_fw only if you are sending data outbound. Tools like ethereal and
> ksnuffle allow you to specify the network device to monitor. So there's no
> need to forward nic-to-nic unless you are routing with the Linux box.
>
I figure if I run the linux box as a router between the backbone switch and the
router, then I should be able to see all of the traffic destined for the T1.
>
> >Also how much of a machine will I need for
> >this? Currently I am looking at using a Pentium Pro 200 with 128 MB of
> >ram.
>
> That's more than enough for this application and more. I have a Linux
> ISDN router installed in 1997, still plugging away on a 486SX with 16MB
> RAM and a 800MB disk.
>
That is what I figured.
>
> >Does anybody know of a package that would generate an HTML page of
> >the T1 usage? Has anybody done this before?
>
> Check javascript.com or links found there for network resource doo-dahs.
>
Will do, thanks.
>
> Does your switch or router allow usage logging? If not, it may make sense
> to let the Linux box route for you. Then you can watch traffic, ports, users,
> bandwidth and much, much more. A typical Linux installation will run circles
> around *most* router and some switch hardware.
>
We currently have a Cisco 2600 router. I do not have the authority to replace the
switch so I am stuck with that. I have found plugin analyzers (Nortel sells one or
two) but they are expensive and I have a budget of $0. If I can make linux come
through for this, I might be able to convince the other people in my company of the
value of linux.
Cory mentioned something earlier that has me digging around. I found settings on
our switch for a "Mirrored Port". From what I can tell, I should be able to copy
all of the traffic from port X to Port Y and stick a traffic analyzer on that. I
think ethereal will do the trick but I am not sure.
Thanks for all the help.
Garl
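
The visibility difference discussed in this thread (a sniffer on an ordinary switch port versus one on a mirrored port), as an added example that is not part of the original e-mail. It is a toy learning-switch model; the port numbers, MAC addresses and frame labels are constructed, and the mirror behaviour (the analyzer port receives copies only) is a modelling assumption, not BayStack documentation.

```python
# Toy learning-switch model (constructed for illustration; not BayStack firmware).
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    def __init__(self, ports, mirror=None):
        self.mac_table = {}                      # source MAC -> port learned on
        self.mirror = mirror                     # (monitored_port, analyzer_port) or None
        self.ports = set(ports)
        self.seen = {p: [] for p in ports}       # frame labels delivered per port

    def receive(self, in_port, src, dst, label):
        self.mac_table[src] = in_port            # learn the sender's location
        if dst != BROADCAST and dst in self.mac_table:
            out = {self.mac_table[dst]}          # known unicast: exactly one port
        else:
            out = set(self.ports)                # broadcast or unknown: flood
        out.discard(in_port)
        if self.mirror:
            monitored, analyzer = self.mirror
            out.discard(analyzer)                # assumption: analyzer port gets copies only
            if in_port == monitored or monitored in out:
                out.add(analyzer)                # copy frames entering or leaving monitored port
        for port in sorted(out):
            self.seen[port].append(label)

# Constructed topology: port 1 = WAN router, 2 = host A, 3 = host B, 4 = sniffer.
ROUTER, HOST_A, HOST_B = "00:00:00:00:00:01", "00:00:00:00:00:0a", "00:00:00:00:00:0b"
FRAMES = [
    (2, HOST_A, BROADCAST, "arp-request"),
    (1, ROUTER, HOST_A, "arp-reply"),
    (2, HOST_A, ROUTER, "a-to-wan"),
    (1, ROUTER, HOST_A, "wan-to-a"),
    (3, HOST_B, ROUTER, "b-to-wan"),
    (1, ROUTER, HOST_B, "wan-to-b"),
    (2, HOST_A, HOST_B, "a-to-b"),               # local traffic, never touches port 1
]

def sniffer_view(mirror=None, sniffer_port=4):
    """Replay FRAMES through a fresh switch and return what the sniffer port saw."""
    sw = Switch(ports=[1, 2, 3, 4], mirror=mirror)
    for frame in FRAMES:
        sw.receive(*frame)
    return sw.seen[sniffer_port]

if __name__ == "__main__":
    print("plain switch port :", sniffer_view())
    print("mirror of port 1  :", sniffer_view(mirror=(1, 4)))
```

On the plain port the sniffer sees only the flooded broadcast; mirroring the router's port delivers every WAN-bound and WAN-sourced frame, but not the host-to-host frame that stays inside the switch.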