?
Solved

Ethernet in promiscuous mode

Posted on 1998-01-13
5
Medium Priority
?
203 Views
Last Modified: 2008-03-17
Hi there!
I'm building a linux machine with 2 Ethernet cards in promiscuous mode (with 127 ip_addrs), in order to analyze the network traffic between all our subnettings.
I want to put this machine between the 2 routers as auditing tool. The problem is that I don't want to configure the machine depending on the place to be (routes and so on).
Basically I want FORWARDING, then I think about <ipfwadm> package. The idea is : everything coming from eth0 resend it to eth1 and viceversa!
Is this possible?, and then, How can I do this?
Thanks!
0
Comment
Question by:Trickle
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 200 total points
ID: 1587301
see HOWTOs: Bridge, Multiple-Ethernet

Brief description:
  - build a kernal with BRIDGING enabled
  - disable setting IP address to eth device
  - boot with  append+"ether+0,0,eth1"
  - configure bridge with  brcfg
  - use tcpdump to monitor your traffic

0
 

Expert Comment

by:juliao
ID: 1587302
Why do you want do to it that way? Can't you just have a single machine there with the NIC in promiscuous mode and sniff everything right off the ethernet? A lot of sniffing software for linux is available.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1587303
juliao, you're right. If it is not a switched ethernet you may just put the linux box beetween the 2 ethernets and use tcpdump.
0
 

Author Comment

by:Trickle
ID: 1587304
Yes, but when Router A broadcasts via ARP to get the Hardware address from the Router B, the <Black Box> between them will not forward ARP packets because are from the NCP layer isn't it?, the bridge will forward Internet layer packets (tcp, udp and icmp) isn't it?
I mean, I got a physical cable connected from Router A to <Black Box> eth0 and a physical cable connected from Router B to <Black Box> eth1, that's it like you said : a SNIFFING-BRIDGE!
....
what I also want is to filter packets between Network segments. I mean, a bridge acting as a firewall but highily reusable between Network segments!
Thanks for the answers!
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1587305
A bridge should forward (bridge) the ARP packets.

For filtering you may use ipfwadm, but I don't know if this works on a bridge, on a gateway it will.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses
Course of the Month11 days, 16 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question