IP address of local switch

you sure it has an address? only managed switches have an address (ok, and some of the "smart" ones with a few crappy monitoring tools)
 
The FS108's unmanaged so a) doesn't have an IP and b) won't do port mirroring or whatever you're trying to do.
 
you need either a managed switch, a hub, or a linux box with 2 network cards acting as a bridge.

hub will be the cheapest option if they still make them, you might be able to sort something if you are handy with a soldering iron.
 
You (generally) need a router for that. What set up do you have at the moment?

I have two macbooks and four linux machines (one of which acts as a server) and a NAS product, the last port is taken up by a wireless access point which is a 3G mobile broadband router. Essentially I want a product in place of the FS108 that'll do the equivalent of tcpdump on Linux, and routinely scp / sftp the resultant file over to the server.

Budget wise I could go up to about £200 but I'd prefer to keep it as cheap as possible :p
 
Can you recommend a product that will?

As suggested, a managed switch that does port mirroring with a machine attached to the appropriate port or some kind of bridge.

What you're asking for is pretty special and you're unlikely to get it for <£200. I doubt anyone really does a single-box thing that does all that. What are you actually trying to do?
 
As suggested, a managed switch that does port mirroring with a machine attached to the appropriate port or some kind of bridge.

What you're asking for is pretty special and you're unlikely to get it for <£200. I doubt anyone really does a single-box thing that does all that. What are you actually trying to do?

Well tcpdump records all TCP traffic transiting my NIC. I was looking for a router with the same functionality. I didn't realize that was very specialized.
 
Well tcpdump records all TCP traffic transiting my NIC. I was looking for a router with the same functionality. I didn't realize that was very specialized.

You're looking for a device that has 8 fast ethernet ports, does switching and port mirroring and has the storage capacity for (potentially, at least) a few terabytes of data a day, presumably without compromising the switching side of the story. The hard drives alone would be >£200.

You didn't really answer the question though - are you trying to sniff everything that goes to the internet, everything passed between specific machines or just sniff everything passed over the network (and why couldn't you do something more specific rather than collecting 100Mbps * 24 hours = 1TB worth of logs)?
My point's rather that there's probably an easier way than what you seem to be trying to do.
 
If you don't need gigabit the HP Procurve 2626 does port mirroring, you can get a used one for under a ton.

Thanks mate, there's one advertised on the bay for £199

You're looking for a device that has 8 fast ethernet ports, does switching and port mirroring and has the storage capacity for (potentially, at least) a few terabytes of data a day, presumably without compromising the switching side of the story. The hard drives alone would be >£200.

You didn't really answer the question though - are you trying to sniff everything that goes to the internet, everything passed between specific machines or just sniff everything passed over the network (and why couldn't you do something more specific rather than collecting 100Mbps * 24 hours = 1TB worth of logs)?
My point's rather that there's probably an easier way than what you seem to be trying to do.

No worries I'll try to answer. No I'm not trying to sniff everything that's going to the internet. I'm trying to capture anything being passed between the 3 linux machines and the NAS which is by far the majority of the traffic.
 
You're looking for a device that has 8 fast ethernet ports, does switching and port mirroring and has the storage capacity for (potentially, at least) a few terabytes of data a day, presumably without compromising the switching side of the story. The hard drives alone would be >£200.

No he isn't, he's looking for a way to sniff ethernet traffic. With 4 linux boxes available, the easiest way is going to be to repurpose one as a bridge. Failing that, get out the soldering iron and frankenbuild a splitter (but you'll get ****loads of collisions over the lower levels of the OSI stack). A managed switch is actually the correct way to go about it, but they aren't cheap.

As far as I can see, no one makes hubs anymore.
 
No worries I'll try to answer. No I'm not trying to sniff everything that's going to the internet. I'm trying to capture anything being passed between the 3 linux machines and the NAS which is by far the majority of the traffic.

Well run tcpdump on all of them and aggregate the output?
 
why not simply run wireshark on all the machines and have the logs placed on the machine you want to read the logs on?
 
No he isn't, he's looking for a way to sniff ethernet traffic.

With all the performance implications of connecting all the machines to a single broadcast segment?
I didn't deny that what's looked for is something to do packet sniffing, but the original question was looking for an all-in-one, which would take storage.

dangerstat said:
No worries I'll try to answer. No I'm not trying to sniff everything that's going to the internet. I'm trying to capture anything being passed between the 3 linux machines and the NAS which is by far the majority of the traffic.

There's Dist's suggestion, or there's the bridging option. Stick something with two network cards between the switch and the NAS, set up to bridge the two and use wireshark/tcpdump/whatever you want.
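
The bridging option suggested in the thread, sketched as an added example (not code from any poster): a Linux box with two NICs sits between the switch and the NAS, writes hourly tcpdump files, and copies finished files to the server with scp. The interface names, capture directory, addresses and scp destination are assumptions.

```shell
#!/bin/sh
# Added example: transparent capture bridge between the switch and the NAS.
# Interface names, paths and addresses are assumptions for illustration.
LAN_IF=eth0                            # NIC cabled to the switch (assumed)
NAS_IF=eth1                            # NIC cabled to the NAS (assumed)
BRIDGE=br0
CAP_DIR=/var/tmp/capture
SERVER=capture@192.0.2.20:/srv/pcap/   # constructed scp destination

# Build a BPF filter: traffic between the NAS ($1) and any listed host.
build_filter() {
    nas=$1; shift
    hosts=""
    for h in "$@"; do hosts="${hosts:+$hosts or }host $h"; done
    printf 'host %s and (%s)' "$nas" "$hosts"
}

# Join both NICs into one bridge so frames pass through unchanged (needs root).
setup_bridge() {
    ip link add name "$BRIDGE" type bridge
    ip link set "$LAN_IF" master "$BRIDGE"
    ip link set "$NAS_IF" master "$BRIDGE"
    for i in "$LAN_IF" "$NAS_IF" "$BRIDGE"; do ip link set "$i" up; done
}

# Capture on the bridge: new file every hour (-G), first 128 bytes of each
# packet only (-s) so headers are kept but disk use stays manageable.
start_capture() {
    mkdir -p "$CAP_DIR"
    tcpdump -i "$BRIDGE" -n -s 128 -G 3600 \
        -w "$CAP_DIR/nas-%Y%m%d-%H%M%S.pcap" "$1" &
}

# List finished capture files: every .pcap except the newest, which tcpdump
# still has open. Timestamped names sort chronologically.
closed_captures() {
    ls "$1"/*.pcap 2>/dev/null | sort | sed '$d'
}

# Copy finished files to the server, deleting each after a good transfer.
ship_captures() {
    closed_captures "$CAP_DIR" | while read -r f; do
        scp -q "$f" "$SERVER" && rm -f "$f"
    done
}

if [ "${1:-}" = "run" ]; then
    setup_bridge
    start_capture "$(build_filter 192.0.2.10 192.0.2.11 192.0.2.12 192.0.2.13)"
    while sleep 600; do ship_captures; done
fi
```

Invoked with the argument `run` as root, it builds the bridge and starts capturing; without it, the file only defines the functions.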
 