On Sun, 17 Aug 2003, Ross Wheeler wrote:

> 
> On Sun, 17 Aug 2003, Howard Lowndes wrote:
> 
> > I need to configure a Linux box as a transparent data sniffer between an
> > Internet connection router and the subnet hub/switch to which it is
> > connected (see ASCII art below)
> >
> > Before:
> >
> >       }                                 +-------------+
> >       }  +--------+                     |             |-------
> > I'net }--| router |---------------------| switch/hub  |------- subnet
> >       }  +--------+                     |             |-------
> >       }                                 +-------------+
> >                   A                                   B
> >
> > After:
> >
> >       }                                 +-------------+
> >       }  +--------+     +---------+     |             |-------
> > I'net }--| router |-----| sniffer |-----| switch/hub  |------- subnet
> >       }  +--------+     +----|----+     |             |-------
> >       }                      |          +-------------+
> >                   A     C    |    D                   B
> >                              E
> >
> > The requirement is that interface A must continue to think that it is
> > still talking to the same addresses at B and the interfaces at B must
> > continue to think they are talking to the address at A.  IOW, interface D
> > must mimic interface A and interface C must mimic interfaces B.
> > Connection to the sniffer will be at interface E.
> >
> > This to enable a transparent man-in-the-middle data sniff.  It's OK, it is
> > for a legitimate purpose :)
> >
> > Does anyone have any pointers to this config?  I believe it was discussed
> > on SLUG a few years back, but I can't think where to start looking.
> 
> Seriously, why not make a cable with the TX pair disconnected and plug a
> single interface into the existing link and sniff it directly, or, if it
> is a HUB, simply plug into the hub?
> 
> I understand your problem if you have a switch there, but the first
> suggestion covers that.

But then it will have to have an IP address from the subnet, which will 
mean that it is not transparent.

-- 
Howard.
LANNet Computing Associates - Your Linux people <http://www.lannetlinux.com>
------------------------------------------
Flatter government, not fatter government - Get rid of the Australian states.
------------------------------------------
I before E except after C. We live in a weird society!

-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
