2009/7/25 Marty Richards <ma...@netwaynetworks.com.au>: > However, you are doing this the hard way. You don't need an ethernet hub if > you already know where the traffic is going. All you need to do is > investigate the traffic on your office uplink. Its possible that the device > you use for the uplink already might give you this info... but if it
We use SonicWall TZ 190. It gives very rought "traffic per IP" in is Logs screen but to get all the details we'll need to purchase something called "SonicView" and run it on Windows. > doesn't, you should replace the uplink device with a Linux PC and just sniff > the traffic from there. Starting from scratch this should take about 2 hours > to complete (assuming it takes an hour to install your favourite flavour of > Linux and you're not using mesh VPNs or other complex configurations). > Ideally you would configure the Linux PC to be the local gateway, and then > reconfigure the existing uplink device to provide the link between the Linux > PC and outside. > > If you want to really get your hands dirty, you could configure the Linux > box with 2 interfaces as a bridge and simply insert it in between your > switch and your office uplink. This would allow you to sniff the traffic > without needing to change any IP configs on the existing network. (Ah, I > see Rob Collins said something like this last week - "you can make a trivial > two port switch out of a linux machine with brtools"). That's exactly what we did - put a linux box with two network cards as a bridge between the SonicWall and the SHDSL modem and run ntop on it. It caused troubles due to hardware issues (network card) and later because the linux box had iptables filtering packets. They were resolved and that's how our network is served now but I feel that having our entire uplink depend on a desktop-level linux box I'm not sure its age a bit worrying. I think I'll feel more comfortable if I could let the uplink through a piece of hardware with no "moving parts" in it if you know what I mean, plus it's something we'll be able to slug around the network more easily, connect my laptop to it and have a listen. Thanks, --Amos -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
