LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (http://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Correct way to sniff switched network (http://www.linuxquestions.org/questions/linux-networking-3/correct-way-to-sniff-switched-network-113107/)

msymms 11-06-2003 01:57 PM

Correct way to sniff switched network
 
Hi All,
I am fairly new to Linux....I am running RH 7.3 on a PIII at 800Mhz networked with two other Windows machines via a Linsys cable WAP router. My question is this: I would like to monitor the traffic of my teenage son's machine (this would be a 3rd Windows machine if I decide to allow him internet access in his room). I can obviously monitor his email with an IMAP connection. I was thinking of installing an additional NIC in my Linux box. This would be plugged into a hub placed between my cable modem and router. First I am not sure if this is wise or even the correct way. I know 'sniffing' switched networks can be tricky. This can't be a unique situation. Any help or advice would be greatly appreciated.

david_ross 11-06-2003 02:37 PM

I would recoomend not sniffing but logging - just set up your router/proxy to log connections.

dorian33 11-06-2003 03:32 PM

Do you know the word "privacy"?
I am glad I am not your son...

david_ross 11-06-2003 03:39 PM

Quote:

Originally posted by dorian33
Do you know the word "privacy"?
I am glad I am not your son...

I have to say that I agree but lets not turn this into a discussion on peoples personal opinions, msymms asked for help with a problem.

Please try and keep the thread on track. Thanks!

msymms 11-06-2003 06:42 PM

Thanks for your help David. I am logging the router traffic and that should suffice for now.

dorian33-I understand the "privacy" sentiment. Believe me I do. There are obviously other issues involved here that have no place in this forum.

Thanks again

zaphodiv 11-07-2003 10:23 AM

It would be polite to tell your son that his access is monitored.

phoeniXflame 11-07-2003 10:32 AM

its not 'tricky' at all if you control the network, use something like dug songs arpspoof program combined with fragrouter to forward packets to fool your sons machine into thinking its speaking to the gateway, I'd have to agree with the others about you needing to tell your son hes being monitored, its not fair otherwise, plus you need to give him a chance to evade your sneaky sniffing tactics ;)

bitva 11-07-2003 11:33 AM

You want ettercap: http://ettercap.sourceforge.net/

'tis the best.

cyph3r7 11-07-2003 12:33 PM

hmmmm I can appreciate your situation as I have 2 children both with PC's in their rooms. I think there needs to be a balance. What I have done is filter there surfing content with squid. Blocking access to "porn" and such. Not allowed any file sharing such as kazaa or napster. Other than that they have free reign to do what they wish.


All times are GMT -5. The time now is 01:13 PM.