Solved

Ethernet in promiscuous mode

Posted on 1998-01-13
5
191 Views
Last Modified: 2008-03-17
Hi there!
I'm building a linux machine with 2 Ethernet cards in promiscuous mode (with 127 ip_addrs), in order to analyze the network traffic between all our subnettings.
I want to put this machine between the 2 routers as auditing tool. The problem is that I don't want to configure the machine depending on the place to be (routes and so on).
Basically I want FORWARDING, then I think about <ipfwadm> package. The idea is : everything coming from eth0 resend it to eth1 and viceversa!
Is this possible?, and then, How can I do this?
Thanks!
0
Comment
Question by:Trickle
  • 3
5 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 200 total points
ID: 1587301
see HOWTOs: Bridge, Multiple-Ethernet

Brief description:
  - build a kernal with BRIDGING enabled
  - disable setting IP address to eth device
  - boot with  append+"ether+0,0,eth1"
  - configure bridge with  brcfg
  - use tcpdump to monitor your traffic

0
 

Expert Comment

by:juliao
ID: 1587302
Why do you want do to it that way? Can't you just have a single machine there with the NIC in promiscuous mode and sniff everything right off the ethernet? A lot of sniffing software for linux is available.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1587303
juliao, you're right. If it is not a switched ethernet you may just put the linux box beetween the 2 ethernets and use tcpdump.
0
 

Author Comment

by:Trickle
ID: 1587304
Yes, but when Router A broadcasts via ARP to get the Hardware address from the Router B, the <Black Box> between them will not forward ARP packets because are from the NCP layer isn't it?, the bridge will forward Internet layer packets (tcp, udp and icmp) isn't it?
I mean, I got a physical cable connected from Router A to <Black Box> eth0 and a physical cable connected from Router B to <Black Box> eth1, that's it like you said : a SNIFFING-BRIDGE!
....
what I also want is to filter packets between Network segments. I mean, a bridge acting as a firewall but highily reusable between Network segments!
Thanks for the answers!
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1587305
A bridge should forward (bridge) the ARP packets.

For filtering you may use ipfwadm, but I don't know if this works on a bridge, on a gateway it will.
0

Featured Post

Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now