> I have a really basic question (I think). We have two boxes connected > to a lan segment on a hub. One is a Windows box running "Show Traffic", > the other is a CentOS 5 Linux box running "ntop". Both boxes should be > able to sniff all of the traffic on that hub (not a switch). > > The Windows box does just fine, Show Traffic is able to display traffic > destined for other boxes on the network segment. > > The linux box, OTOH, seems to only see multicast traffic and traffic > that is destined for its interface. > > ... > > So the question is: Is it possible that I have locked down the firewall > settings in such a way as to block packets not destined for the interface? > > (Everything else on the box works fine. Shorewall / netfilter is doing > its job quite well.)
Are you really sure your CentOS 5 interfaces are running in promiscuous mode? But, my first idea was: What kind of hub do you use? If you are using a dualspeed hub and you run boxes with different ethernet speeds, then what you see is expected. Dualspeed hubs are switching between the 10M and 100M ports, they only work like 'hubs' if all port have the same speed. Simon ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
