On Thu, Jan 20, 2000 at 09:05:14AM +0100, Onno Ebbinge wrote:
> At 08:49 AM 1/19/00 -0600, Jeff Noxon wrote:
> >You have an interesting idea, but it won't work in my case. I have to
> >put this between a pair of Cisco routers running EIGRP. They won't see
> >each other if the router discovery packets (etc.) aren't forwarded by
> >a bridge. I also can't guarantee that the address of the router on one
> >side won't change -- it is not under my control.
>
> As far as I know Linux doesn't understand EIGRP.
> I can't even find it in /etc/protocols...

Two questions:

1. Why not do the filtering in the routers with access lists? Too much CPU overhead? Neither IPCHAINS nor router access lists really do anything that's state-based monitoring, so either's about the same.

2. If you just want to LOOK at the packets going by, a hub between the routers works nicely. (Great for running ethereal, etc... to watch for various security issues.)

3. If you have Cisco switches (and most 3Com's) you can set a port to get all traffic from the other ports with the VLAN stuff... great way to set up a "looking glass" where you can stick a linux laptop in and see what's going on in promiscuous mode.

As a side-note, the network stack on the typical Linux box doing promiscuous mode and heavy logging typically dies around 80MB/s of traffic (Kernel OOPS or worse...) and I've found that the BSD variants don't do this. (At least on my laptop/pcmcia stack/hardware combo) Don't know why, don't really care... have tried to track it down to a particular piece of code with traces and can't find it (I'm not much of a C programmer at all...) I just use the BSD's now for this type of work. :)

--
Nate Duehr <nate@natetech.com>
GPG Key fingerprint = DCAF 2B9D CC9B 96FA 7A6D AAF4 2D61 77C5 7ECE C1D2
Public Key available upon request, or at wwwkeys.pgp.net and others.