From: "Ryan P. Sommers"
To: "Daniel Eischen"
Cc: "Ryan P. Sommers", hackers@freebsd.org, Andrea Campi
Date: Fri, 9 Sep 2005 13:33:37 -0600 (MDT)
Subject: Re: 'Smart' Hubs

> On Fri, 9 Sep 2005, Brooks Davis wrote:
>> On Fri, Sep 09, 2005 at 04:48:41PM +0200, Andrea Campi wrote:
>> > On Fri, Sep 09, 2005 at 08:39:30AM -0600, Ryan P. Sommers wrote:
>> > Google will tell you more about this, as well as suggesting real hubs.
>> > I'd recommend to go with Netgear.

Ya, this was something of a last minute job we needed to do. We tried googling around, this hub was mentioned to work on the Ethereal wiki. Must have been misreported.

>>
>> Alternatively, if you can get your hands on a second ethernet port for
>> your sniffer box, make a passive tap:

This looks intriguing. Trouble is the 2nd port; as I mentioned we want this to be as portable as possible so we could deploy it in the field with minimal equipment outside what we normally carry on jobs. I'd like it to work with a laptop, if possible. A USB 10/100 jobby might do the trick.

> I came in kinda late to this thread, but if you're trying to find
> a hub/switch in order to sniff network traffic, then you can always
> go for a switch that lets you monitor traffic on other ports.
> I know the Cisco's will let you do this, but I'd be surprised if
> you couldn't find it on some other cheaper switches.

This is something I'm going to look into. I just didn't know off-hand what switches offered a "monitor" port, or what I'd be needing to spend.

What I'm actually thinking of doing is getting a Soekris net4801 (3 Ethernet ports). I could set it up with FreeBSD or miniBSD and set it to do a layer-2 bridge between two of the ports. I'm not sure if the bridge device allows it, but I could set all three up for bridging and then let one port be the sniffer. Or, I thought it would be nice to just set it up with 2 ports bridged and then use the 3rd port as the management port.

I might be able to run a firewire card off the net4801 provided there is enough power and then attach an IDE->Firewire for a storage drive. Then just run tcpdump on the net4801 on the bridge device and store it to the storage drive. Or set it up with something like SMB, NFS or FTP to pull capture files down over the management nic port. Either way, this is a small piece of equipment that could be portable and could allow us to use laptops for analyzing the traffic dumps.

I've been looking for an excuse to get a net4801 to play with. :)

Thanks for the replies by the way.

-- 
Ryan Sommers
ryans < a_t > rpsommers.com
(obsolete: ryans@gamersimpact.com)