Sniffing gigabit ethernet? 1000baseT LAN taps?

Tom Buskey tom at buskey.name
Tue Apr 15 12:43:16 EDT 2014


For gigabit, there's no such thing as a hub.

You need a managed switch so you can create a mirror port.  Netgear makes
an 8 port one that's ~ $100.  I think they have a 5 port version too.  It
can also do vlan, 802.3ad (bond/trunk 2 ports together for faster
throughput).

Splice the switch into your server & mirror to your sniffer port.  Run
wireshark, tcpdump, snoop (Solaris?) on that port.  Filtering will probably
be needed so you can keep up.

If you don't have a switch, you might be able to take a PC with 2 network
ports and muck with iptables to make it into a switch.  You'll spend more
in labor than on the switch.




On Mon, Apr 14, 2014 at 7:21 PM, Richard Kolb II <richard.kolb at gmail.com> wrote:

> whatever happened to just plain old snoop?
>
>
> On Mon, Apr 14, 2014 at 5:44 PM, Kevin D. Clark <kevin_d_clark at comcast.net> wrote:
>
>>
>> Joshua Judson Rosen writes:
>>
>> > "Michael ODonnell" writes:
>> > >
>> > > I don't know what your situation is but if there's a managed
>> > > switch involved I believe that some of them can be rigged to
>> > > echo traffic to one or more specified ports for analysis/debug.
>> >
>> > Mm. Good point. I don't think I have any managed switches on-hand;
>> > any recommendations as to what I should get, if I go that route?
>>
>> The feature you'd want here is commonly called port mirroring or port
>> spanning.
>>
>> More info here:
>>
>>   http://wiki.wireshark.org/CaptureSetup/Ethernet
>>
>>
>> I do have a small word of advice:  it is generally useful when
>> capturing traffic for analysis to come up with some sort of "capture
>> filter" that limits the amount of traffic that you're going to end up
>> with.  On a really busy link, this can make it a lot easier to analyze
>> the traffic at a later time.
>>
>> Regards,
>>
>> --kevin
>> --
>> alumni.unh.edu!kdc / http://kdc-blog.blogspot.com/
>> GnuPG: D87F DAD6 0291 289C EB1E 781C 9BF8 A7D8 B280 F24E
>>
>> And the Army Ants, they leave nothin' but the bones...
>>    -- Tom Waits
>> _______________________________________________
>> gnhlug-discuss mailing list
>> gnhlug-discuss at mail.gnhlug.org
>> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
>>
>
>
>
> --
>
> Richard Kolb II
>
>
>
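
The mirror-port capture with a capture filter that this thread recommends, as an added example that is not part of any poster's message. The interface name `eth1`, the address `192.0.2.10`, the ports and the output directory are assumptions, and the tcpdump summary text is constructed sample data.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: eth1 (sniffer NIC on the
# mirror port), 192.0.2.10 (the server being watched), /var/tmp/cap (output dir).

# Build a BPF capture filter: one host, optionally limited to some TCP ports.
build_filter() {
    host=$1; shift
    ports=
    for p in "$@"; do
        ports="${ports:+$ports or }tcp port $p"
    done
    if [ -n "$ports" ]; then
        printf 'host %s and (%s)\n' "$host" "$ports"
    else
        printf 'host %s\n' "$host"
    fi
}

# Start the capture (needs root and a live interface, so it is only defined here).
#   -n        no DNS lookups          -s 128        first 128 bytes of each packet
#   -B 16384  16 MiB kernel buffer    -C 100 -W 10  ring of ten ~100 MB files
# tcpdump prints its packet counters to stderr on exit; keep them for the check.
capture() {
    iface=$1; outdir=$2; filter=$3
    tcpdump -i "$iface" -n -s 128 -B 16384 -C 100 -W 10 \
        -w "$outdir/mirror.pcap" "$filter" 2>"$outdir/tcpdump.summary"
}

# Read tcpdump's exit summary on stdin and print how many packets the kernel
# dropped. Anything above 0 means the sniffer did not keep up: tighten the filter.
kernel_drops() {
    awk '/packets dropped by kernel/ { d = $1 } END { print d + 0 }'
}

# Constructed sample of the summary tcpdump writes when it is stopped.
SAMPLE_SUMMARY='1234 packets captured
1300 packets received by filter
66 packets dropped by kernel'

# Demo on the constructed data; a real run would be:
#   capture eth1 /var/tmp/cap "$(build_filter 192.0.2.10 80 443)"
#   kernel_drops < /var/tmp/cap/tcpdump.summary
echo "filter: $(build_filter 192.0.2.10 80 443)"
echo "dropped: $(printf '%s\n' "$SAMPLE_SUMMARY" | kernel_drops)"
```
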