'Smart' Hubs

Ryan P. Sommers ryans at rpsommers.com
Fri Sep 9 12:31:52 PDT 2005


> On Fri, 9 Sep 2005, Brooks Davis wrote:
>> On Fri, Sep 09, 2005 at 04:48:41PM +0200, Andrea Campi wrote:
>> > On Fri, Sep 09, 2005 at 08:39:30AM -0600, Ryan P. Sommers wrote:
>> > Google will tell you more about this, as well as suggesting real hubs.
>> > I'd recommend to go with Netgear.

Ya, this was something of a last minute job we needed to do. We tried
googling around, this hub was mentioned to work on the Ethereal wiki. Must
have been misreported.

>>
>> Alternatively, if you can get your hands on a second ethernet port for
>> your sniffer box, make a passive tap:

This looks intriguing. Trouble is the 2nd port; as I mentioned we want
this to be as portable as possible so we could deploy it in the field with
minimal equipment outside what we normally carry on jobs. I'd like it to
work with a laptop, if possible. A USB 10/100 jobby might do the trick.

> I came in kinda late to this thread, but if you're trying to find
> a hub/switch in order to sniff network traffic, then you can always
> go for a switch that lets you monitor traffic on other ports.
> I know the Cisco's will let you do this, but I'd be surprised if
> you couldn't find it on some other cheaper switches.

This is something I'm going to look into. I just didn't know off-hand what
switches offered a "monitor" port, or what I'd be needing to spend.

What I'm actually thinking of doing is getting a Soekris net4801 (3
Ethernet ports). I could set it up with FreeBSD or miniBSD and set it to
do a layer-2 bridge between two of the ports. I'm not sure if the bridge
device allows it, but I could set all three up for bridging and then let
one port be the sniffer.

Or, I thought it would be nice to just set it up with 2 ports bridged and
then use the 3rd port as the management port. I might be able to run a
firewire card off the net4801 provided there is enough power and then
attach an IDE->Firewire for a storage drive. Then just run tcpdump on the
net4801 on the bridge device and store it to the storage drive. Or set it
up with something like SMB, NFS or FTP to pull capture files down over the
management nic port.

Either way, this is a small piece of equipment that could be portable and
could allow us to use laptops for analyzing the traffic dumps. I've been
looking for an excuse to get a net4801 to play with. :)

Thanks for the replies by the way.

-- 
Ryan Sommers
ryans < a_t > rpsommers.com
(obsolete: ryans at gamersimpact.com)



More information about the freebsd-hackers mailing list