IP address of local swtich

dangerstat · 31 Aug 2009 at 15:39

Hi,

Numpty question but can anyone tell me how to identify the IP address my switch is using

dangerstat · 31 Aug 2009 at 16:21

Hmm okay it's a netgear FS108, I just want to do some sort of tcpdump from it, is that possible or do I need a product

dangerstat · 31 Aug 2009 at 17:23

tolien said:
The FS108's unmanaged so a) doesn't have an IP and b) won't do port mirroring or whatever you're trying to do.

Can you recommend a product that will?

dangerstat · 31 Aug 2009 at 17:33

Duke said:
You (generally) need a router for that. What set up do you have at the moment?

I have two macbooks and four linux machines (one of which acts as a server) and a NAS product, the last port is taken up by a wireless access point which is a 3G mobile broadband router. Essentially I want a product in place of the FS108 that'll do the equivalent of tcpdump on Linux, and routinely scp / sftp the resultant file over to the server.

Budget wise I could go up to about £200 but I'd prefer to keep it as cheap as possible

dangerstat · 31 Aug 2009 at 18:09

tolien said:
As suggested, a managed switch that does port mirroring with a machine attached to the appropriate port or some kind of bridge.

What you're asking for is pretty special and you're unlikely to get it for <£200. I doubt anyone really does a single-box thing that does all that. What are you actually trying to do?

Well tcpdump records all TCP traffic transiting my NIC. I was looking for a router with the same functionality. I didn't realize that was very specialized.

dangerstat · 31 Aug 2009 at 18:59

K.C. Leblanc said:
If you don't need gigabit the HP Procurve 2626 does port mirroring, you can get a used one for under a ton.

Thanks mate, there's one advertised on the bay for £199

tolien said:
You're looking for a device that has 8 fast ethernet ports, does switching and port mirroring and has the storage capacity for (potentially, at least) a few terabytes of data a day, presumably without compromising the switching side of the story. The hard drives alone would be >£200.

You didn't really answer the question though - are you trying to sniff everything that goes to the internet, everything passed between specific machines or just sniff everything passed over the network (and why couldn't you do something more specific rather than collecting 100Mbps * 24 hours = 1TB worth of logs)?
My point's rather that there's probably an easier way than what you seem to be trying to do.

No worries I'll try to answer. No I'm not trying to sniff everything that's going to the internet. I'm trying to capture anything being passed between the 3 linux machines and the NAS which is bar far the majority of the traffic.