Network monitoring

Michael W. Oliver michael at gargantuan.com
Tue Nov 23 18:11:14 PST 2004


On 2004-11-23T17:21:48-0800, Simon Roberts wrote:
> I apologize that this probably isn't the most relevant
> list to ask this on. Suggestions for better lists will
> be welcome.
> 
> I'm trying to monitor traffic on a 100BaseT ethernet
> network link. I split the line, put a "hub" in and am
> trying to run tcpdump on a box off the side of the
> hub.
> 
> Unfortunately, it turns out the hub isn't a hub, it's
> a "switching hub" (what's not a switch about this? I
> don't get it). Consequently, all I see are arp
> packets, bootp packets, and the odd broadcast. I went
> to a local store to buy a hub, and guess what, they
> sold me another switching hub, so that has to be
> returned :(
> 
> So, the question is, can anyone tell me the
> manufacturer and product name of a real (dumb) hub? I
> could use 10baseT instead if necessary, I just need
> something cheap that is a simple repeater. Of course,
> nobody advertises "our hub really is a totally dumb
> hub, not like those fancy switching hubs the
> competition sells" ;>
> 
> Any suggestions?

Yep, I have a suggestion or two.  First, you could try ettercap, which
is designed to do all sorts of neat things on switched networks.

If you want to really get into the guts of it, check this out:

http://www.snort.org/docs/tap/

A passive ethernet tap is a wonderful piece of gear to keep in your
toolbox, and unlike other pieces of wonderful gear, it won't cost you
thousands of dollars.

-- 
Michael W. Oliver
[see complete headers for contact information]


More information about the freebsd-hackers mailing list