Re: [Nolug] Packet sniffing on switched network

From: Joey Kelly <joey_at_joeykelly.net>
Date: Fri, 1 Feb 2008 11:15:23 -0600
Message-Id: <200802011115.31097.joey@joeykelly.net>

On Friday 01 February 2008 11:01:34 am Chris Jones wrote:
> I have a client whose internet is running very slowly. I suspect that
> there's a lot of traffic coming from somewhere, so I need to sniff the
> traffic to figure out where it's coming/going. Problem is, this is a
> switched network.
>
> The network is a fairly typical setup, going like this:
> internet -> dsl modem -> cisco pix -> linksys switch -> LAN
>
> I can't find a way to get this linksys to go promiscuous, so I'm thinking
> maybe I could set up some kind of machine with two NICs, and have it
> forward all traffic from one NIC to the other, and have the machine just
> analyze all traffic as it passes through. Not sure if that's the best
> route, or maybe one of you guys have run across a better option? If that
> is the best way to go, does anyone know of a good free product to do this?
> Or maybe I can somehow use SNMP to pull this info out of the pix? Any
> suggestions?

Well, you could:

1. Replace the linksys with a cheap hub temporarily.

2. Put the linux box on a hub between the pix and the dsl modem (don't assign
an IP address, just run ethereal on the NIC).

3. Or you could go the l33t way and flood the linksys's arp cache, forcing it
to fail open and default to a layer-1 device, after which you could put
your linux box anywhere on the LAN and sniff all traffic ;-)

-- 
Joey Kelly
< Minister of the Gospel | Linux Consultant >
http://joeykelly.net

___________________
Nolug mailing list
nolug@nolug.org

Received on 02/01/08
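
Once a capture has been saved from the inline box in option 2, the next step is finding which hosts are moving the bytes. The following is an added example, not part of the original thread: it tallies IPv4 bytes per source/destination pair from a classic little-endian libpcap file with Ethernet framing. The function names are hypothetical and the sample capture, including its addresses, is constructed in `build_sample`.

```python
import struct
from collections import Counter

def top_flows(pcap_bytes):
    """Return [((src, dst), ip_bytes), ...] sorted by volume, largest first."""
    magic, = struct.unpack_from("<I", pcap_bytes, 0)
    linktype, = struct.unpack_from("<I", pcap_bytes, 20)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian classic pcap with Ethernet frames")
    totals = Counter()
    off = 24  # first record follows the 24-byte global header
    while off + 16 <= len(pcap_bytes):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from("<IIII", pcap_bytes, off)
        frame = pcap_bytes[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        # Need 14 bytes of Ethernet plus 20 of IPv4; skip ARP, IPv6, VLAN tags.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        # Use the IP total-length field so a short snaplen does not undercount.
        ip_len, = struct.unpack_from("!H", frame, 16)
        src = ".".join(str(b) for b in frame[26:30])
        dst = ".".join(str(b) for b in frame[30:34])
        totals[(src, dst)] += ip_len
    return totals.most_common()

def _ipv4_frame(src, dst, ip_len):
    """Constructed Ethernet + IPv4 header only (no payload, zero checksum)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip

def build_sample():
    """Constructed capture: one busy LAN host, one quiet one, a reply, an ARP frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 96, 1)
    frames = [_ipv4_frame("192.168.1.23", "203.0.113.9", 1500),
              _ipv4_frame("192.168.1.23", "203.0.113.9", 1500),
              _ipv4_frame("192.168.1.10", "198.51.100.4", 400),
              _ipv4_frame("203.0.113.9", "192.168.1.23", 60),
              b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28]  # ARP, ignored
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for (src, dst), nbytes in top_flows(build_sample()):
        print(f"{src:>15} -> {dst:<15} {nbytes} bytes")
```

To run it against a real capture, pass the file's contents (`open(path, "rb").read()`) to `top_flows`.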
