Thomas Harold wrote: > I have a really basic question (I think). We have two boxes connected > to a lan segment on a hub. One is a Windows box running "Show Traffic", > the other is a CentOS 5 Linux box running "ntop". Both boxes should be > able to sniff all of the traffic on that hub (not a switch). > > The Windows box does just fine, Show Traffic is able to display traffic > destined for other boxes on the network segment. > > The linux box, OTOH, seems to only see multicast traffic and traffic > that is destined for its interface. >
The follow-up answer to this issue was that it seems that the Intel PRO/1000 dual-port PCIe card does indeed not function correctly in promiscuous mode when connected to a 100Mbps hub. (In this particular case, it was hooked to a 10/100 dual-speed hub. The windows box was running a 100Mbps NIC and had no issues capturing all traffic.) We swapped out the 10/100 dual-speed hub and have installed a 10/100/1000 switch. We configured port 1 as our "monitoring" / "sniffing" port and told the switch to mirror all inbound/outbound traffic to that port. Our server with the Intel dual-port gigabit PCIe NIC is now able to report on all traffic with ntop (and other tools). Shorewall was not getting in the way at all, it seems to be purely a hardware or driver issue under Linux. ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
