[ale] Ethereal and switches

Jim Popovitch jimpop at yahoo.com
Thu Sep 28 10:54:11 EDT 2006


On Thu, 2006-09-28 at 10:08 -0400, Christopher Fowler wrote:
> I want to configure one Linux box to do packet capturing for our small
> network.
> 
> It is simple and here is what it looks like:
> 
> [ Router ]
>    |
> [ Cisco 2900 XL]
> Servers:     | p24
>           [ Cisco 2900 XL ]
> Devel:       |         |
>    [ Generic Switch] [ Generic Switch ]
>      Test              Demo
> 
> 
> We have a router that goes to Internet.  Under that router
> we have 2900XL.  That is for various clients and servers.  There
> is an uplink going to another 2900XL and that is for the LAB.
> There are 2 uplinks on that going to a cheap switch for DEMO
> equipment and a cheap switch for TEST equipment.  
> 
> On the first switch I guess I need to set up port 23 as a SPAN port and
> attach the Linux box to it.  

Yep.

> How can I make sure I get all the traffic
> that is passing on the 2nd XL?  Not all of that traffic will be sent
> upstream to the first XL.  

You won't be able to see traffic that doesn't pass through the first XL.
So if someone telnets from the lab to the demo boxes you won't see
their traffic (but you might see their DNS/PTR queries if DNS servers
are hanging off of the first XL).

The only way to achieve this is to have all systems use a default route
that is a device off the first XL, or to add another SPAN port on the
second XL.

Are you looking to monitor RTP streams? 

> As far as the cheap switches go I do not see
> a way to see all their traffic since they do not have span port support.

-Jim P.