This is a discussion on software port monitoring ?? within the Linux Networking forums, part of the Linux Forums category.

news.free.fr wrote:
> Hi,
>
> I have two windows pc A and B
> A : 10.0.0.1
> B : 10.0.0.2
>
> and one router (debian shorewall) C : 10.0.0.254
>
> I want a copy of all traffic from B to A, how can I do that ???

Install tcpdump and/or Ethereal on either
Windows computer and tell it to capture
all the traffic between the computers.

--
Tauno Voipio
tauno voipio (at) iki fi

Tauno Voipio wrote:
> news.free.fr wrote:
>
>> Hi,
>>
>> I have two windows pc A and B
>> A : 10.0.0.1
>> B : 10.0.0.2
>>
>> and one router (debian shorewall) C : 10.0.0.254
>>
>> I want a copy of all traffic from B to A, how can I do that ???
>
> Install tcpdump and/or Ethereal on either
> Windows computer and tell it to capture
> all the traffic between the computers.
>

              |--------------|             / Host A (win2K 10.0.0.1)
Internet -----| Router (deb) |----(Switch)
              |--------------|             \ Host B (win2K 10.0.0.2)

I want the router to send to A a copy of all packets with the IP of B.
Is that possible ???

nomp.deb wrote:
> Tauno Voipio wrote:
>
>> news.free.fr wrote:
>>
>>> Hi,
>>>
>>> I have two windows pc A and B
>>> A : 10.0.0.1
>>> B : 10.0.0.2
>>>
>>> and one router (debian shorewall) C : 10.0.0.254
>>>
>>> I want a copy of all traffic from B to A, how can I do that ???
>>
>> Install tcpdump and/or Ethereal on either
>> Windows computer and tell it to capture
>> all the traffic between the computers.
>>
>
>               |--------------|             / Host A (win2K 10.0.0.1)
> Internet -----| Router (deb) |----(Switch)
>               |--------------|             \ Host B (win2K 10.0.0.2)
>
> I want the router to send to A a copy of all packets with the IP of B.
> Is that possible ???

Are you interested in traffic from A to B, or
traffic from A or B to/from the Internet?

If you're interested in the Internet traffic,
you can install the tools at the router and
tell them to capture the traffic for the host
of interest.

You do not need to duplicate packets, they
can be caught at the router and the trace
can be examined at any of the workstations,
if you can move the file there, using e.g.
WinSCP.

--
Tauno Voipio
tauno voipio (at) iki fi

Tauno Voipio wrote:
> nomp.deb wrote:
>
>> Tauno Voipio wrote:
>>
>>> news.free.fr wrote:
>>>
>>>> Hi,
>>>>
>>>> I have two windows pc A and B
>>>> A : 10.0.0.1
>>>> B : 10.0.0.2
>>>>
>>>> and one router (debian shorewall) C : 10.0.0.254
>>>>
>>>> I want a copy of all traffic from B to A, how can I do that ???
>>>
>>> Install tcpdump and/or Ethereal on either
>>> Windows computer and tell it to capture
>>> all the traffic between the computers.
>>>
>>
>>               |--------------|             / Host A (win2K 10.0.0.1)
>> Internet -----| Router (deb) |----(Switch)
>>               |--------------|             \ Host B (win2K 10.0.0.2)
>>
>> I want the router to send to A a copy of all packets with the IP of B.
>> Is that possible ???
>
> Are you interested in traffic from A to B, or
> traffic from A or B to/from the Internet?
>
> If you're interested in the Internet traffic,
> you can install the tools at the router and
> tell them to capture the traffic for the host
> of interest.
>
> You do not need to duplicate packets, they
> can be caught at the router and the trace
> can be examined at any of the workstations,
> if you can move the file there, using e.g.
> WinSCP.
>

I am interested in traffic from B with the Internet, but I need this traffic on A.

On Sat, 08 Jan 2005 17:36:35 +0100, nomp.deb <nimp54@gmail.com> wrote:
> Tauno Voipio wrote:
>> news.free.fr wrote:
>>
>>> Hi,
>>>
>>> I have two windows pc A and B
>>> A : 10.0.0.1
>>> B : 10.0.0.2
>>>
>>> and one router (debian shorewall) C : 10.0.0.254
>>>
>>> I want a copy of all traffic from B to A, how can I do that ???
>>
>> Install tcpdump and/or Ethereal on either
>> Windows computer and tell it to capture
>> all the traffic between the computers.
>>
>
>               |--------------|             / Host A (win2K 10.0.0.1)
> Internet -----| Router (deb) |----(Switch)
>               |--------------|             \ Host B (win2K 10.0.0.2)
>
> I want the router to send to A a copy of all packets with the IP of B.
> Is that possible ???

If you want to monitor traffic between A & B you would need one of:
- A sniffer on one of the Win boxes.
- A hub (which is half-duplex) instead of a switch, so the router could sniff.
- Route them through separate NICs on the Linux box and log with iptables.

David Efflandt wrote:
> On Sat, 08 Jan 2005 17:36:35 +0100, nomp.deb <nimp54@gmail.com> wrote:
>
>> Tauno Voipio wrote:
>>
>>> news.free.fr wrote:
>>>
>>>> Hi,
>>>>
>>>> I have two windows pc A and B
>>>> A : 10.0.0.1
>>>> B : 10.0.0.2
>>>>
>>>> and one router (debian shorewall) C : 10.0.0.254
>>>>
>>>> I want a copy of all traffic from B to A, how can I do that ???
>>>
>>> Install tcpdump and/or Ethereal on either
>>> Windows computer and tell it to capture
>>> all the traffic between the computers.
>>>
>>
>>               |--------------|             / Host A (win2K 10.0.0.1)
>> Internet -----| Router (deb) |----(Switch)
>>               |--------------|             \ Host B (win2K 10.0.0.2)
>>
>> I want the router to send to A a copy of all packets with the IP of B.
>> Is that possible ???
>
> If you want to monitor traffic between A & B you would need one of:
> - A sniffer on one of the Win boxes.
> - A hub (which is half-duplex) instead of a switch, so the router could sniff.
> - Route them through separate NICs on the Linux box and log with iptables.

Yes thanks, but I know that I can do what I want with a HUB.
But I can't change that.

nomp.deb wrote:
>
> I am interested in traffic from B with the Internet, but I need this
> traffic on A.
>

For statistics, install ntop on the router, set it to follow the traffic from/to B, and look at the results from A.

If you cannot install a hub nor a sniffer cable with a separate hub, you have to collect the traffic in the router.

Please note that the kind of sniffing you're interested in may be illegal.

--
Tauno Voipio
tauno voipio (at) iki fi

Tauno Voipio wrote:
> news.free.fr wrote:
>
>> Hi,
>>
>> I have two windows pc A and B
>> A : 10.0.0.1
>> B : 10.0.0.2
>>
>> and one router (debian shorewall) C : 10.0.0.254
>>
>> I want a copy of all traffic from B to A, how can I do that ???
>
> Install tcpdump and/or Ethereal on either
> Windows computer and tell it to capture
> all the traffic between the computers.

Or if he wants to aggregate the traffic for snort or the like then he needs a switch with a span port to replicate all the traffic.

--
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"