Solved

Ethernet in promiscuous mode

Posted on 1998-01-13
5
198 Views
Last Modified: 2008-03-17
Hi there!
I'm building a linux machine with 2 Ethernet cards in promiscuous mode (with 127 ip_addrs), in order to analyze the network traffic between all our subnettings.
I want to put this machine between the 2 routers as auditing tool. The problem is that I don't want to configure the machine depending on the place to be (routes and so on).
Basically I want FORWARDING, then I think about <ipfwadm> package. The idea is : everything coming from eth0 resend it to eth1 and viceversa!
Is this possible?, and then, How can I do this?
Thanks!
0
Comment
Question by:Trickle
  • 3
5 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 200 total points
ID: 1587301
see HOWTOs: Bridge, Multiple-Ethernet

Brief description:
  - build a kernal with BRIDGING enabled
  - disable setting IP address to eth device
  - boot with  append+"ether+0,0,eth1"
  - configure bridge with  brcfg
  - use tcpdump to monitor your traffic

0
 

Expert Comment

by:juliao
ID: 1587302
Why do you want do to it that way? Can't you just have a single machine there with the NIC in promiscuous mode and sniff everything right off the ethernet? A lot of sniffing software for linux is available.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1587303
juliao, you're right. If it is not a switched ethernet you may just put the linux box beetween the 2 ethernets and use tcpdump.
0
 

Author Comment

by:Trickle
ID: 1587304
Yes, but when Router A broadcasts via ARP to get the Hardware address from the Router B, the <Black Box> between them will not forward ARP packets because are from the NCP layer isn't it?, the bridge will forward Internet layer packets (tcp, udp and icmp) isn't it?
I mean, I got a physical cable connected from Router A to <Black Box> eth0 and a physical cable connected from Router B to <Black Box> eth1, that's it like you said : a SNIFFING-BRIDGE!
....
what I also want is to filter packets between Network segments. I mean, a bridge acting as a firewall but highily reusable between Network segments!
Thanks for the answers!
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1587305
A bridge should forward (bridge) the ARP packets.

For filtering you may use ipfwadm, but I don't know if this works on a bridge, on a gateway it will.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
E-mail settings for Fail2ban 7 139
linux, squid, exchange 14 175
How does the STUN server helps discover the device public ip address 4 87
High Bandwidth Usage 6 75
I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question