> On Fri, 9 Sep 2005, Brooks Davis wrote: >> On Fri, Sep 09, 2005 at 04:48:41PM +0200, Andrea Campi wrote: >> > On Fri, Sep 09, 2005 at 08:39:30AM -0600, Ryan P. Sommers wrote: >> > Google will tell you more about this, as well as suggesting real hubs. >> > I'd recommend to go with Netgear.
Ya, this was something of a last minute job we needed to do. We tried googling around, this hub was mentioned to work on the Ethereal wiki. Must have been misreported. >> >> Alternativly, if you can get your hands on a second ethernet port for >> your sniffer box, make a passive tap: This looks intrieging. Trouble is the 2nd port; as I mentioned we want this to be as portable as possible so we could deploy it in the field with minimal equiptment outside what we normally carry on jobs. I'd like it to work with a laptop, if possible. A USB 10/100 jobby might do the trick. > I came in kinda late to this thread, but if you're trying to find > a hub/switch in order to sniff network traffic, then you can always > go for a switch that let's you monitor traffic on other ports. > I know the Cisco's will let you do this, but I'd be suprised if > you couldn't find it on some other cheaper switches. This is something I'm going to look into. I just didn't know off-hand what switches offered a "monitor" port, or what I'd be needing to spend. What I'm actually thinking of doing is getting a Soekris net4801 (3 Ethernet ports). I could set it up with FreeBSD or miniBSD and set it to do a layer-2 bridge between two of the ports. I'm not sure if the bridge device allows it, but I could set all three up for bridging and then let one port be the sniffer. Or, I thought it would be nice to just set it up with 2 ports bridged and then use the 3rd port as the managment port. I might be able to run a firewire card off the net4801 provided there is enough power and then attach an IDE->Firewire for a storage drive. Then just run tcpdump on the net4801 on the bridge device and store it to the storage drive. Or set it up with something like SMB, NFS or FTP to pull capture files down over the management nic port. Either way, this is a small piece of equiptment that could be portable and could allow us to use laptops for analyzing the traffic dumps. I've been looking for an excuse to get a net4801 to play with. :) Thanks for the replies by the way. -- Ryan Sommers ryans < a_t > rpsommers.com (obsolete: [EMAIL PROTECTED]) _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
