Sniffing before the firewall

#1 Sebastian, 04-16-2006

I've an Ubuntu laptop with two network cards. One network card is
connected to a switch behind a firewall, the other I want to connect to
a hub that I have installed between the firewall and the switch. I
want to use ethereal to sniff the traffic on the network through the
Hub, but the second network card does not take to an IP address.
The network looks like this:

Internet------>cable modem ----->Firewall------->Hub------>Switch------>Network

I have tried putting the card into promiscuous mode but it does
not connect. Where should I start looking to troubleshoot? Thanks.


#2 Moe Trin, 04-18-2006

On Sun, 16 Apr 2006, in the Usenet newsgroup comp.os.linux.networking, in
article <2006041614274716807-wrightplace2305@gmailcom>, Sebastian wrote:

>I've an Ubuntu laptop with two network cards.


You have an unidentified laptop running Ubuntu, that has two unidentified
Ethernet interfaces.

>One network card is connected to a switch behind a firewall, the other I
>want to connect to a hub that I have installed between the firewall and
>the switch.


OK - fairly common use

>I want to use ethereal to sniff the traffic on the network through the
>Hub, but the second network card does not take to an IP address.


What happens? Does the computer catch on fire?

>I have tried putting the card into promiscuous mode but it does
>not connect. Where should I start looking to troubleshoot?


Normally, give the sniffer interface a _static_ RFC3330 address such as
"192.0.2.x" and tell your sniffer to NOT look up hostnames. Give more
details, and you might get additional assistance.

Old guy
#3 Sebastian, 04-18-2006

Thanks for responding.

On 2006-04-17 20:12:43 -0400, ibuprofin@painkiller.example.tld (Moe Trin) said:

> On Sun, 16 Apr 2006, in the Usenet newsgroup comp.os.linux.networking, in
> article <2006041614274716807-wrightplace2305@gmailcom>, Sebastian wrote:
>
>> I've an Ubuntu laptop with two network cards.


It's an HP N5475 with Ubuntu 5.10 installed and one internal card and
one Netgear MA 510 or 310, can't remember which. When I connect either
card to the switch, and configure a static IP address, both cards work.

>
> You have an unidentified laptop running Ubuntu, that has two unidentified
> Ethernet interfaces.
>
>> One network card is connected to a switch behind a firewall, the other I
>> want to connect to a hub that I have installed between the firewall and
>> the switch.

>
> OK - fairly common use
>
>> I want to use ethereal to sniff the traffic on the network through the
>> Hub, but the second network card does not take to an IP address.


When I connect the Netgear card to the hub instead of the switch, the
light on the card does not come on and the light on the hub does not come
on. When I try to sniff the ethereal traffic I get no captured packets
on the Netgear interface. No fires :) It does capture packets on the
interface connected to the switch.
>
> What happens? Does the computer catch on fire?
>
>> I have tried putting the card into promiscuous mode but it does
>> not connect. Where should I start looking to troubleshoot?

>
> Normally, give the sniffer interface a _static_ RFC3330 address such as
> "192.0.2.x" and tell your sniffer to NOT look up hostnames. Give more
> details, and you might get additional assistance.


This is what I think that I did. I gave the Netgear a static address
of 192.168.1.16, a subnet mask of 255.255.255.0 and no route to gateway
and put the card into promiscuous mode. I then told ethereal to
capture packets, but received nothing.



>
> Old guy



#4 Moe Trin, 04-19-2006

On Tue, 18 Apr 2006, in the Usenet newsgroup comp.os.linux.networking, in
article <2006041806340975249-wrightplace2305@gmailcom>, Sebastian wrote:

>It's an HP N5475 with Ubuntu 5.10 installed and one internal card and
>one Netgear MA 510 or 310, can't remember which. When I connect either
>card to the switch, and configure a static IP address, both cards work.


OK - I can't identify either the MA 310 or MA 510. Is everything running
at 10BaseT half duplex? That's all a hub is going to be able to work with.

>When I connect the Netgear card to the hub instead of the switch, the
>light on the card does not come on and the light on the hub does not come
>on. When I try to sniff the ethereal traffic I get no captured packets
>on the Netgear interface.


If you give a command SUCH AS

/sbin/ifconfig eth0 192.0.2.2 netmask 255.255.255.0

and then

/sbin/ifconfig eth0

do you see the card? Is it seeing ANY indication of packets counts or errors?

>No fires :) It does capture packets on the interface connected to the switch.


That's a standard question when someone says "it doesn't work"

>This is what I think that I did. I gave the Netgear a static address
>of 192.168.1.16, a subnet mask of 255.255.255.0 and no route to gateway
>and put the card into promiscuous mode. I then told ethereal to
>capture packets, but received nothing.


That sounds OK, although I don't have ethereal on this box to check. With
the more common 'tcpdump', you don't need to use ifconfig to put the card
into promiscuous mode - the application does it for you.

Old guy
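
The checks asked for in this reply (does the interface exist, is there any link, is the duplex what a hub needs, are packet counters moving) can be scripted. The following is an added example, not part of the original posts; it reads the Linux sysfs attributes under /sys/class/net, and the function names, verdict words and the SYSFS_NET override are assumptions made for the example.

```shell
#!/bin/sh
# Added example: triage a capture interface that shows no packets.
# Reads Linux sysfs; SYSFS_NET is an override introduced for this example
# so the logic can be exercised against a constructed directory tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# read_attr IFACE ATTR: print the attribute value, or "unknown" if it
# cannot be read (the kernel refuses carrier/duplex reads while the
# interface is administratively down).
read_attr() {
    f="$SYSFS_NET/$1/$2"
    if [ -r "$f" ] && v=$(cat "$f" 2>/dev/null) && [ -n "$v" ]; then
        printf '%s\n' "$v"
    else
        printf 'unknown\n'
    fi
}

# diagnose_iface IFACE: print one verdict word on stdout, details on stderr.
diagnose_iface() {
    ifc="$1"
    if [ ! -d "$SYSFS_NET/$ifc" ]; then
        echo "no-such-interface"; return 0
    fi
    carrier=$(read_attr "$ifc" carrier)
    duplex=$(read_attr "$ifc" duplex)
    speed=$(read_attr "$ifc" speed)
    rx=$(read_attr "$ifc" statistics/rx_packets)
    rxerr=$(read_attr "$ifc" statistics/rx_errors)
    echo "$ifc: carrier=$carrier speed=$speed duplex=$duplex rx_packets=$rx rx_errors=$rxerr" >&2
    case "$carrier" in
        unknown) echo "admin-down" ;;          # bring it up first (ifconfig IFACE up)
        0)       echo "no-link" ;;             # no link light: cable, port or speed problem
        *)  if [ "$duplex" = full ]; then
                echo "full-duplex-on-hub"      # a hub is a shared half-duplex medium
            elif [ "$rx" = 0 ] || [ "$rx" = unknown ]; then
                echo "link-up-no-packets"      # link is good but nothing has arrived
            else
                echo "receiving"               # frames reach the NIC; check the sniffer
            fi ;;
    esac
}

# Stand-alone use: sh diag.sh eth1
if [ "$#" -gt 0 ]; then
    diagnose_iface "$1"
fi
```

A "no-link" verdict matches the symptom described in the thread (no light on the card or the hub) and points at the physical layer rather than at addressing or promiscuous mode.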
