Trickle
asked on
Ethernet in promiscuous mode
Hi there!
I'm building a linux machine with 2 Ethernet cards in promiscuous mode (with 127 ip_addrs), in order to analyze the network traffic between all our subnettings.
I want to put this machine between the 2 routers as auditing tool. The problem is that I don't want to configure the machine depending on the place to be (routes and so on).
Basically I want FORWARDING, then I think about <ipfwadm> package. The idea is : everything coming from eth0 resend it to eth1 and viceversa!
Is this possible?, and then, How can I do this?
Thanks!
I'm building a linux machine with 2 Ethernet cards in promiscuous mode (with 127 ip_addrs), in order to analyze the network traffic between all our subnettings.
I want to put this machine between the 2 routers as auditing tool. The problem is that I don't want to configure the machine depending on the place to be (routes and so on).
Basically I want FORWARDING, then I think about <ipfwadm> package. The idea is : everything coming from eth0 resend it to eth1 and viceversa!
Is this possible?, and then, How can I do this?
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Why do you want do to it that way? Can't you just have a single machine there with the NIC in promiscuous mode and sniff everything right off the ethernet? A lot of sniffing software for linux is available.
juliao, you're right. If it is not a switched ethernet you may just put the linux box beetween the 2 ethernets and use tcpdump.
ASKER
Yes, but when Router A broadcasts via ARP to get the Hardware address from the Router B, the <Black Box> between them will not forward ARP packets because are from the NCP layer isn't it?, the bridge will forward Internet layer packets (tcp, udp and icmp) isn't it?
I mean, I got a physical cable connected from Router A to <Black Box> eth0 and a physical cable connected from Router B to <Black Box> eth1, that's it like you said : a SNIFFING-BRIDGE!
....
what I also want is to filter packets between Network segments. I mean, a bridge acting as a firewall but highily reusable between Network segments!
Thanks for the answers!
I mean, I got a physical cable connected from Router A to <Black Box> eth0 and a physical cable connected from Router B to <Black Box> eth1, that's it like you said : a SNIFFING-BRIDGE!
....
what I also want is to filter packets between Network segments. I mean, a bridge acting as a firewall but highily reusable between Network segments!
Thanks for the answers!
A bridge should forward (bridge) the ARP packets.
For filtering you may use ipfwadm, but I don't know if this works on a bridge, on a gateway it will.
For filtering you may use ipfwadm, but I don't know if this works on a bridge, on a gateway it will.