Date: Tue, 23 Nov 2004 21:10:54 -0500 From: "Michael W. Oliver" <michael@gargantuan.com> To: simon.roberts@earthlink.net Cc: freebsd-hackers@freebsd.org Subject: Re: Network monitoring Message-ID: <20041124021054.GF44958@gargantuan.com> In-Reply-To: <20041124012148.9540.qmail@web52701.mail.yahoo.com> References: <20041124012148.9540.qmail@web52701.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Qxx1br4bt0+wmkIi Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2004-11-23T17:21:48-0800, Simon Roberts wrote: > I apologize that this probably isn't the most relevant > list to ask this on. Suggestions for better lists will > be welcome. >=20 > I'm trying to monitor traffice on a 100BaseT ethernet > network link. I split the line, put a "hub" in and am > trying to run tcpdump on a box off the side of the > hub. >=20 > Unfortunately, it turns out the hub isn't a hub, it's > a "switching hub" (what's not a switch about this? I > don't get it). Consequently, all I see are arp > packets, bootp packets, and the odd broadcast. I went > to a local store to buy a hub, and guess what, they > sold me another switching hub, so that has to be > returned :( >=20 > So, the question is, can anyone tell me the > manufacturer and product name of a real (dumb) hub? I > could use 10baseT instead if necessary, I just need > something cheap that is a simple repeater. Of course, > nobody advertizes "our hub really is a totally dumb > hub, not like those fancy switching hubs the > competition sells" ;> >=20 > Any suggestions? Yep, I have a suggestion or two. First, you could try ettercap, which is designed to do all sorts of neat things on switched networks. If you want to really get into the guts of it, check this out: http://www.snort.org/docs/tap/ A passive ethernet tap is a wonderful piece of gear to keep in your toolbox, and unlike other pieces of wonderful gear, it won't cost you thousands of dollars. --=20 Michael W. Oliver [see complete headers for contact information] --Qxx1br4bt0+wmkIi Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFBo+2tsWv7q8X6o8kRAg8wAKDEtHoF5y/7xJ0SrWvcPmuWYMQeIgCgjfB5 Uj1NdP5IDZ75GzK6KV5e5yo= =UFCL -----END PGP SIGNATURE----- --Qxx1br4bt0+wmkIi--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041124021054.GF44958>