Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm having an hard time figuring out why can't I capture the packets flowing between two devices, in both drections, using a self made ethernet tap, which looks just like this one: http://fernandomagro.com/wp-content/...2010/05/rx.jpg
Both end devices (say, A and B) are connected to a switch. But since the sniffer (a regular laptop) only has one ethernet port I can't perform the sniffing, like it is presented in most web sites (e.g. http://wiki.wireshark.org/CaptureSet..._a_network_tap)
So, in order to "solve" this issue, I just plugged the 2 (tap) connector ports to the ones on the switch and, finaly, 1 port from the switch to the sniffer. I thought the packets would be broadcasted but every time I plug the connectors to the switch the connection between A and B is interrupted.
My setup scenario looks like the picture in attachment.
Without knowing the exact wiring of the "tap" its hard to say,but I suspect you've created a loop which spanning tree is not dealing with due to unidirectional links.
A proper tap has to multiplex the transmit and receive paths of a full duplex connection into the receive path on the sniffers connection. You can't do this simply by wiring. You need a proper tap, a mirror port, or you can get away with a hub if you have one. Bear in mind that a hub changes the network connectivity to half duplex, if you are diagnosing a problem it changes the conditions of the fault so may mask whatever issue you are looking for.
what you mean? if it is cooper or fiber? it is cooper cable.
Quote:
Originally Posted by baldy3105
A proper tap has to multiplex the transmit and receive paths of a full duplex connection into the receive path on the sniffers connection. You can't do this simply by wiring. You need a proper tap, a mirror port, or you can get away with a hub if you have one. Bear in mind that a hub changes the network connectivity to half duplex, if you are diagnosing a problem it changes the conditions of the fault so may mask whatever issue you are looking for.
The ideia is not to use port mirroring or a Hub, which I already did (both implementations). I want to sniff packets on both directions on a single link, using a tap, to the sniffer. My question is if that is possible or not.
Note that if my sniffer had 2 interfaces I could just plug those two tap connectors (TX and RX) there and see the traffic using a packet sniffer (e.g. Wireshark). But since I only have 1 interface on the sniffer, I'd like to know how to solve this (if possible).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.