If you have a Linux box with 2 NICs, you can set it in bridge mode and put it right behind your Netgear router, or just set it up as a router instead of the Netgear. That way all office traffic would have to pass through it to get to the internet. If you don't have a box available for that, I assume you could replace the Netgear with a WRT54GL running Linux and accomplish the same task.

~ Nathan

On 12/27/05, Devlin Daley <[EMAIL PROTECTED]> wrote:
> I'm trying to help out a small company in Provo determine if one of
> their systems is infected with some self-emailing worm. Several emails
> have been "returned" as being a possible virus (they are). The from
> email address is spoofed, but I'm trying to figure out if it is inside
> or outside the network. I figured a fairly easy way to figure it out was
> to filter the network traffic headed for the internet and look at all
> the smtp traffic, either using ethereal or the ruby bindings to pcap.
> Problem is, it's a switched network. The network is basically made up of
> a couple Netgear FS116's -- 16 port switches and a basic Netgear home
> gateway router (which is also based off a switch).
>
> I read on tcpdump.org that some switches can be configured to replicate
> network traffic to certain ports so that you can actually monitor the
> network but I can't find any hint of these economical devices being able
> to do so.
>
> I understand that I can place a hub between the main switch and the home
> router which will then broadcast the network packets to me no problemo
> -- but looking at some local stores, ebc computers, pc club, etc. they
> don't carry hubs, just switches.
>
> So my question for the UUG, who has a suggestion on a capable hub? Or a
> switch that can be configured to also give me the goods? Would a Linksys
> WRT54G with a replacement firmware have that functionality?
>
> Thanks,
> Devlin
>
> --------------------
> BYU Unix Users Group
> http://uug.byu.edu/
>
> The opinions expressed in this message are the responsibility of their
> author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG.
> ___________________________________________________________________
> List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
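
An added example, not part of the thread: once a capture has been taken at the choke point described above, this Ruby script tallies which source addresses open SMTP connections (TCP SYN to port 25). It assumes a classic little-endian libpcap file with Ethernet link type and IPv4 traffic; the function names and the sample addresses are constructed for illustration.

```ruby
require 'stringio'

# Count TCP SYNs to port 25 per source IP in a classic little-endian pcap
# (Ethernet link type, IPv4 only). Returns { "src_ip" => syn_count }.
def smtp_initiators(io)
  magic, _maj, _min, _zone, _sig, _snap, link = io.read(24).to_s.unpack('VvvVVVV')
  raise 'expected little-endian Ethernet pcap' unless magic == 0xa1b2c3d4 && link == 1
  counts = Hash.new(0)
  while (hdr = io.read(16)) && hdr.bytesize == 16
    caplen = hdr.unpack('V4')[2]
    frame = io.read(caplen).to_s
    break if frame.bytesize < caplen                  # truncated capture file
    next if frame.bytesize < 34                       # Ethernet (14) + IPv4 (20)
    next unless frame[12, 2].unpack1('n') == 0x0800   # EtherType IPv4
    ihl = (frame.getbyte(14) & 0x0f) * 4
    next if ihl < 20 || frame.getbyte(23) != 6        # bad header or not TCP
    next if (frame[20, 2].unpack1('n') & 0x1fff) != 0 # skip non-first fragments
    tcp = frame[14 + ihl, 14].to_s
    next if tcp.bytesize < 14
    dport = tcp[2, 2].unpack1('n')
    syn_only = (tcp.getbyte(13) & 0x12) == 0x02       # SYN set, ACK clear
    counts[frame[26, 4].unpack('C4').join('.')] += 1 if dport == 25 && syn_only
  end
  counts
end

# --- Constructed sample data below; all addresses are made up for the demo ---
def sample_frame(src, dst, dport, flags)
  ip_bytes = ->(s) { s.split('.').map(&:to_i).pack('C4') }
  eth = ([0] * 12).pack('C*') + [0x0800].pack('n')
  ip  = [0x45, 0, 40, 0, 0, 64, 6, 0].pack('CCnnnCCn') + ip_bytes[src] + ip_bytes[dst]
  tcp = [40_000, dport, 0, 0, 0x50, flags, 1024, 0, 0].pack('nnNNCCnnn')
  eth + ip + tcp
end

def sample_pcap(frames)
  global = [0xa1b2c3d4, 2, 4, 0, 0, 65_535, 1].pack('VvvVVVV')
  frames.reduce(global) { |buf, f| buf + [0, 0, f.bytesize, f.bytesize].pack('V4') + f }
end

DEMO_FRAMES = [
  sample_frame('192.168.1.23', '203.0.113.5', 25, 0x02), # SYN to SMTP
  sample_frame('192.168.1.40', '203.0.113.5', 80, 0x02)  # SYN to HTTP, ignored
].freeze
smtp_initiators(StringIO.new(sample_pcap(DEMO_FRAMES)))
  .each { |ip, n| puts "#{ip} opened #{n} SMTP connection(s)" }
```

Against a real capture, pass a file opened in binary mode (for example `File.open('smtp.pcap', 'rb')`, a hypothetical filename) instead of the `StringIO`.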
