[opensuse] Dumb question on networks and servers
So I want to use my Linux box to monitor network activity. Do I absolutely need to have the box be like a router that the other computers connect to or is just being on the network suitable to act as a server. In the past I've done routing but if I don't need to route in order to monitor, manage, and log network activity, that's awesome. Also, anyone know of how to do those three acts on opensuse 10.2 or of any third party software that will do that? Thanks all.
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
On Wednesday 10 January 2007 09:51, Jay Smith wrote:
> So I want to use my Linux box to monitor network activity. Do I absolutely need to have the box be like a router that the other computers connect to or is just being on the network suitable to act as a server. In the past I've done routing but if I don't need to route in order to monitor, manage, and log network activity, that's awesome. Also, anyone know of how to do those three acts on opensuse 10.2 or of any third party software that will do that? Thanks all.
If the NIC in that box implements so-called promiscuous mode, then a packet sniffer / network monitor like Wireshark (http://www.wireshark.org/, formerly Ethereal) will be able to monitor all activity on the particular Ethernet segment to which that NIC is attached.

Keep in mind, though, that if there is a router in your setup or even if there's a switch (as opposed to the simpler hub), then you'll never be able to see all the local traffic, since some of it will never traverse the Ethernet segment to which that NIC is attached.

To take my own setup as an example, I have a DSL modem connected via a switch to two Linux boxes and a wireless access point with NATing router functionality. There are two computers getting wireless access and two wired connections to that router (it has four wired ports in addition to its wireless interface). One of the Linux boxes has two NICs and one of them is connected directly to the DSL modem and the other to one of the wireless router's wired ports. There's also a TiVO box connected by wire to the router. I'm allocated four static IP addresses, three of which are currently in use.

Now, if I wanted to use one of the Linux boxes to monitor all network activity in and out of my house, I'd have to replace the switch with a hub so that every package coming from or going to the DSL modem would appear at the Linux box's NIC and could then be captured for analysis. With the switch in the setup, only the DSL modem itself sees all the traffic entering or leaving the premises. Also, because of the switch, the DSL modem does not see traffic between any of the local computers.

Randall Schulz
Hi Jay,
> So I want to use my Linux box to monitor network activity. Do I absolutely need to have the box be like a router that the other computers connect to or is just being on the network suitable to act as a server. In the past I've done routing but if I don't need to route in order to monitor, manage, and log network activity, that's awesome. [...]
If you want to monitor your network, the monitoring box needs to 'see' all the traffic that you want to monitor. Some better switches have the ability to set up one port in monitoring mode - this way all traffic (of computers connected to this switch) will be duplicated to this port. Connect your monitoring computer to this port and set up your monitoring software - e.g. "ntop".

--
David Mayr, http://davey.de
openSUSE LINUX, http://opensuse.de
Jay Smith wrote:
> So I want to use my Linux box to monitor network activity. Do I absolutely need
> to have the box be like a router that the other computers connect to or is just
> being on the network suitable to act as a server. In the past I've done routing
> but if I don't need to route in order to monitor, manage, and log network
> activity, that's awesome. Also, anyone know of how to do those three acts on
> opensuse 10.2 or of any third party software that will do that? Thanks all.
If you're using it to monitor network activity, it has to be able to see that activity. This means that if you're simply plugged into one port of a switch, you won't see much, unless that port can be configured to mirror other ports.
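
Added example, not part of any message in this thread: a way to check from a capture whether the monitoring box actually sees other hosts' traffic, which is the hub / mirror-port versus plain switch-port distinction the replies describe. All MAC addresses and frames are constructed samples, and the function names and the `min_share` cut-off are assumptions of this example.

```python
from collections import Counter

BROADCAST = bytes.fromhex("ffffffffffff")

def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def classify_frame(frame, own_mac):
    """Classify one raw Ethernet frame by whom it is addressed to."""
    if len(frame) < 14:                 # shorter than an Ethernet header
        return "truncated"
    dst, src = frame[0:6], frame[6:12]
    if dst == BROADCAST:
        return "broadcast"              # flooded to every switch port
    if dst[0] & 0x01:                   # group bit set
        return "multicast"              # usually flooded as well
    if own_mac in (dst, src):
        return "own"                    # unicast to or from this box
    return "foreign"                    # unicast between two other hosts

def visibility_report(frames, own_mac, min_share=0.05):
    """Summarise a capture; min_share is an assumed cut-off that ignores
    the few unknown-unicast frames a switch floods before learning a MAC."""
    counts = Counter(classify_frame(f, own_mac) for f in frames)
    unicast = counts["own"] + counts["foreign"]
    share = counts["foreign"] / unicast if unicast else 0.0
    return {"counts": dict(counts), "foreign_share": share,
            "sees_others": share >= min_share}

def eth(dst, src, payload=b"\x00" * 46):
    """Build a constructed IPv4-typed Ethernet frame for the samples."""
    return mac(dst) + mac(src) + b"\x08\x00" + payload

# Constructed sample data (locally administered MACs, not real hosts).
OWN = mac("02:00:00:00:00:01")
ON_SWITCH_PORT = [
    eth("02:00:00:00:00:01", "02:00:00:00:00:fe"),   # reply to us
    eth("02:00:00:00:00:fe", "02:00:00:00:00:01"),   # request from us
    eth("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:02"),   # broadcast
    eth("01:00:5e:00:00:fb", "02:00:00:00:00:03"),   # multicast
]
ON_MIRROR_PORT = ON_SWITCH_PORT + [
    eth("02:00:00:00:00:fe", "02:00:00:00:00:02"),   # other host -> gateway
    eth("02:00:00:00:00:02", "02:00:00:00:00:fe"),   # gateway -> other host
    eth("02:00:00:00:00:03", "02:00:00:00:00:02"),   # host to host
]

if __name__ == "__main__":
    for name, cap in (("switch port", ON_SWITCH_PORT), ("mirror port", ON_MIRROR_PORT)):
        print(name, visibility_report(cap, OWN))
```

A capture that shows only "own", "broadcast" and "multicast" frames means the box is on an ordinary switch port; a sustained share of "foreign" unicast means a hub or a mirrored port is feeding it.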
participants (4): David Mayr, James Knott, Jay Smith, Randall R Schulz