If I understand all this properly, I have two sane choices: * put a dumb hub between the router and network switch, plug a promiscuous box into it and run something like ethereal on it * put a linux box instead of the dumb hub, set it up as a bridge and run (what?) to monitor traffic
does that sound right? If so, option one sounds a lot easier. many thanks... David. On Wed, 2008-01-09 at 09:35 +1100, Dean Hamstead wrote: > these two links might help > > http://tldp.org/HOWTO/Bridge+Firewall.html > > http://www.linux-foundation.org/en/Net:Bridge > > Dean > > Alex Samad wrote: > > On Tue, Jan 08, 2008 at 06:53:51AM +0000, Visser, Martin wrote: > >> This won't work if it is a network with a dumb (cheap/unmanaged) switch. > >> (An old dumb hub/repeater would be fine but almost no one uses these > >> nowdays). > >> > >> You really either need to get access to the gateway (and even then it may > >> not support any decent stats or raw capture) or have a switch that > >> supports port mirroring (where it makes a copy of all the traffic on all > >> ports to a particular nominated port). > > > > or get a linux box with 2 nic and bridge between the switch and then gateway > >> There is a "bad" (read crackers) tool called ettercap which can trick all > >> your hosts to send their traffic to another other host by spoofing ARP > >> responses, but in my opinion it will generally degrade your network and > >> hence interfere in your measurement, so you probably should ignore this. > >> > >> > >> Martin Visser > >> > >> Technology Consultant > >> Technology Solutions Group - HP Services > >> > >> 410 Concord Road > >> Rhodes NSW 2138 > >> Australia > >> > >> Mobile: +61-411-254-513 > >> Fax: +61-2-9022-1800 > >> E-mail: martin.visserAThp.com > >> > >> This email (including any attachments) is intended only for the use of the > >> individual or entity named above and may contain information that is > >> confidential, proprietary or privileged. If you are not the intended > >> recipient, please notify HP immediately by return email and then delete > >> the email, destroy any printed copy and do not disclose or use the > >> information in it. > >> > >> > >> -----Original Message----- > >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aleksey > >> Tsalolikhin > >> Sent: Tuesday, 8 January 2008 4:10 PM > >> To: [email protected] > >> Subject: Re: [SLUG] measuring traffic > >> > >> Have you tried ntop? It should show you what the top usage is on your > >> network. That might be the answer you are looking for. > >> > >> Best, > >> -at > >> > >> On Jan 7, 2008 8:49 PM, david <[EMAIL PROTECTED]> wrote: > >>> I have a local network for which I do not have access to the gateway > >>> host. > >>> > >>> What tool would folk suggest to determine what and how much traffic is > >>> going to what port on which host? > >>> > >>> I've got 8 hosts on the network which are a mixture of mac and linux, > >>> mostly on public IP addresses, and the bandwidth is getting chewed up > >>> by something but i can't tell what. > >>> > >>> thanks... > >>> > >>> David. > >>> > >>> -- > >>> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > >>> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > >>> > >> -- > >> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > >> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > >> -- > >> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > >> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > >> -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
