On Wednesday 10 January 2007 09:51, Jay Smith wrote:
> So I want to use my Linux box to monitor network activity. Do I absolutely need to have the box be like a router that the other computers connect to or is just being on the network suitable to act as a server? In the past I've done routing but if I don't need to route in order to monitor, manage, and log network activity, that's awesome. Also, anyone know of how to do those three acts on opensuse 10.2 or of any third party software that will do that? Thanks all.

If the NIC in that box implements so-called promiscuous mode, then a packet sniffer / network monitor like Wireshark (http://www.wireshark.org/, formerly Ethereal) will be able to monitor all activity on the particular Ethernet segment to which that NIC is attached.

Keep in mind, though, that if there is a router in your setup or even if there's a switch (as opposed to the simpler hub), then you'll never be able to see all the local traffic, since some of it will never traverse the Ethernet segment to which that NIC is attached.

To take my own setup as an example, I have a DSL modem connected via a switch to two Linux boxes and a wireless access point with NATing router functionality. There are two computers getting wireless access and two wired connections to that router (it has four wired ports in addition to its wireless interface). One of the Linux boxes has two NICs and one of them is connected directly to the DSL modem and the other to one of the wireless router's wired ports. There's also a TiVO box connected by wire to the router. I'm allocated four static IP addresses, three of which are currently in use.

Now, if I wanted to use one of the Linux boxes to monitor all network activity in and out of my house, I'd have to replace the switch with a hub so that every package coming from or going to the DSL modem would appear at the Linux box's NIC and could then be captured for analysis. With the switch in the setup, only the DSL modem itself sees all the traffic entering or leaving the premises. Also, because of the switch, the DSL modem does not see traffic between any of the local computers.

Randall Schulz
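
Added example, not part of the original message: a check of what a promiscuous-mode NIC actually sees, by classifying captured Ethernet frames by destination MAC. The MAC addresses, the helper names and both sample captures are constructed for illustration.

```python
from collections import Counter

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def classify(frame: bytes, my_mac: str) -> str:
    """Classify one raw Ethernet frame relative to the monitoring NIC."""
    if len(frame) < 14:                 # shorter than an Ethernet header
        return "runt"
    dst, src = frame[0:6], frame[6:12]
    if mac(src) == my_mac:
        return "from_me"
    if dst[0] & 0x01:                   # I/G bit set: broadcast or multicast
        return "broadcast_multicast"
    if mac(dst) == my_mac:
        return "to_me"
    return "third_party_unicast"        # traffic between two other hosts

def third_party_share(frames, my_mac: str):
    """Return (per-class counts, fraction of frames that are third-party unicast)."""
    counts = Counter(classify(f, my_mac.lower()) for f in frames)
    total = sum(counts.values())
    return counts, (counts["third_party_unicast"] / total if total else 0.0)

def eth(dst: str, src: str) -> bytes:
    """Build a constructed frame: dst MAC, src MAC, IPv4 ethertype, padding."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return raw(dst) + raw(src) + b"\x08\x00" + bytes(46)

# Constructed addresses (locally administered, unicast).
ME, A, B = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
BCAST = "ff:ff:ff:ff:ff:ff"

# On a hub, frames between A and B also reach our NIC.
HUB_CAPTURE = [eth(ME, A), eth(A, ME), eth(BCAST, B), eth(B, A), eth(A, B)]
# On a switch port, we see only our own unicast plus broadcasts.
SWITCH_CAPTURE = [eth(ME, A), eth(A, ME), eth(BCAST, B), eth(BCAST, A)]

if __name__ == "__main__":
    for name, cap in (("hub", HUB_CAPTURE), ("switch", SWITCH_CAPTURE)):
        counts, share = third_party_share(cap, ME)
        print(f"{name}: {dict(counts)} third-party share = {share:.2f}")
```

A switch floods frames for destination MACs it has not yet learned, so a small nonzero share on a real capture does not by itself mean the NIC is on a hub.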