Re: Small Network Setup with Debian Router

[Peter Teunissen <lists@onemanifest.net>]

On 30-jan-2007, at 16:40, Kristian Lampen wrote:

> celejar schrieb:
> > > On 29-jan-2007, at 21:57, Kristian Lampen wrote:
> >
> > [snip]
> >
> > > > 3. I want to have the possibility to see the whole network traffic
> > > > with
> > > > the router. Not only the traffic from the PC's through the router
> > > > to the
> > > > outside world. How can I manage this? Do I have to buy a switch
> > > > with the
> > > > port-mirroring feature? If so, how do I have to connect it to the
> > > > Router?
> > > I've read something about using an old non-switching hub attached to
> > > your network and an old cpu, running snort. This way you should be
> > > able to sniff all traffic. Dunno much more about it tho, never tried
> > > it myself.
> >
> > Although I have never used one, AFAIK that is exactly what a hub  
> > does;
> > it sends all traffic out all ports. Just be aware that this will
> > greatly increase traffic across all the segments, and may cause
> > collisions. That's why switches have more or less replaced hubs.
>
> Another problem is that using a hub will give all connected clients  
> the possibility to sniff the traffic. That is not what I want.
>
> Hubs are available in different Onlineshops till now.
Just for the record, I was originally referring to a setup like in:

http://www.linuxjournal.com/article/6985

This guy has a very nice setup where one machine sniffs all traffic  
with a non-switching hub and a handmade 'read only' network cable.  
Nice! Should do this myself someday... 8-)

Peter