Couldn't you make your sniffer box also act as your firewall (after all, it's a Linux router/firewall)? Your "after" shot is similar to my network design. A is my internal interface for my ADSL modem, C is my firewall external interface, E is to my DMZ and D points to my LAN. My DMZ contains Internet-bound servers; my LAN contains beta servers and workstations. My firewall is running iptables and Snort. I can run tcpdump off any interface.

> I need to configure a Linux box as a transparent data sniffer between an
> Internet connection router and the subnet hub/switch to which it is
> connected (see ASCII art below)
>
> Before:
>
>       }                                 +-------------+
>       }  +--------+                     |             |-------
> I'net }--| router |---------------------| switch/hub  |------- subnet
>       }  +--------+                     |             |-------
>       }                                 +-------------+
>                   A                     B
>
> After:
>
>       }                                 +-------------+
>       }  +--------+     +---------+     |             |-------
> I'net }--| router |-----| sniffer |-----| switch/hub  |------- subnet
>       }  +--------+     +----|----+     |             |-------
>       }                      |          +-------------+
>                   A     C    |    D     B
>                              E
>
> The requirement is that interface A must continue to think that it is
> still talking to the same addresses at B and the interfaces at B must
> continue to think they are talking to the address at A. IOW, interface D
> must mimic interface A and interface C must mimic interfaces B.
> Connection to the sniffer will be at interface E.
>
> This to enable a transparent man-in-the-middle data sniff. It's OK, it is
> for a legitimate purpose :)
>
> Does anyone have any pointers to this config. I believe it was discussed
> on SLUG a few years back, but I can't think where to start looking.
>
> --
> Howard.
> LANNet Computing Associates - Your Linux people <http://www.lannetlinux.com>
> ------------------------------------------
> Flatter government, not fatter government - Get rid of the Australian states.
> ------------------------------------------
> I before E except after C. We live in a weird society!

--
Regards,
Kevin Saenz
Spinaweb I.T consultants
Ph: 02 4620 5130
Fax: 02 4625 9243
Mobile: 0418455661
Web: http://www.spinaweb.com.au

--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
