Solved

Ethernet in promiscuous mode

Posted on 1998-01-13
5
193 Views
Last Modified: 2008-03-17
Hi there!
I'm building a linux machine with 2 Ethernet cards in promiscuous mode (with 127 ip_addrs), in order to analyze the network traffic between all our subnettings.
I want to put this machine between the 2 routers as auditing tool. The problem is that I don't want to configure the machine depending on the place to be (routes and so on).
Basically I want FORWARDING, then I think about <ipfwadm> package. The idea is : everything coming from eth0 resend it to eth1 and viceversa!
Is this possible?, and then, How can I do this?
Thanks!
0
Comment
Question by:Trickle
  • 3
5 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 200 total points
ID: 1587301
see HOWTOs: Bridge, Multiple-Ethernet

Brief description:
  - build a kernal with BRIDGING enabled
  - disable setting IP address to eth device
  - boot with  append+"ether+0,0,eth1"
  - configure bridge with  brcfg
  - use tcpdump to monitor your traffic

0
 

Expert Comment

by:juliao
ID: 1587302
Why do you want do to it that way? Can't you just have a single machine there with the NIC in promiscuous mode and sniff everything right off the ethernet? A lot of sniffing software for linux is available.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1587303
juliao, you're right. If it is not a switched ethernet you may just put the linux box beetween the 2 ethernets and use tcpdump.
0
 

Author Comment

by:Trickle
ID: 1587304
Yes, but when Router A broadcasts via ARP to get the Hardware address from the Router B, the <Black Box> between them will not forward ARP packets because are from the NCP layer isn't it?, the bridge will forward Internet layer packets (tcp, udp and icmp) isn't it?
I mean, I got a physical cable connected from Router A to <Black Box> eth0 and a physical cable connected from Router B to <Black Box> eth1, that's it like you said : a SNIFFING-BRIDGE!
....
what I also want is to filter packets between Network segments. I mean, a bridge acting as a firewall but highily reusable between Network segments!
Thanks for the answers!
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1587305
A bridge should forward (bridge) the ARP packets.

For filtering you may use ipfwadm, but I don't know if this works on a bridge, on a gateway it will.
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
USPS intelligent mail barcode font 11 136
Webmin Bandwidth Monitoring not working 10 130
FTP output from Wireshak 6 87
Linux Network manager connection based on location 3 38
I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question