11-16-2004, 09:21 AM
#1
LQ Newbie
Registered: Nov 2004
Location: Toronto
Posts: 2
Remote NIC monitoring with Ethereal
I have four network monitoring boxes, each with a passive ethernet port monitoring a different network. These networks cannot be merged.
Presently, I run a main monitoring station with KDE. This station accesses a monitor port in the following manner:
1) ssh to the remote monitor box.
2) run ethereal installed on the monitor box.
This generates a lot of spurious X traffic on the local network, and requires me to upgrade ethereal 4 times.
I would like to create a "shared" ethernet port on each monitor box to do the following:
1) Run ethereal on the main station
2) monitor the "shared" port on the remote box.
In this way, I can keep the monitor boxes lean and mean (i.e., no X Windows required, no separate ethereal, etc.), and focus any display changes and upgrades on the main monitor box.
Can this be done?
Thanks in advance...
Mark.

11-16-2004, 03:04 PM
#2
Member
Registered: Nov 2004
Distribution: FC1, Gentoo, Mdk 8.1, RH7-8-9, Knoppix, Zuarus rom 3.13
Posts: 98
If you want to keep things lean and mean then you do NOT want to run ethereal as your capture. Run tcpdump -w and dump to a file something like -r dumpfile.dump.
Tcpdump is low in overhead and text based. Then when you want to interpret the output just use Ethereal on your local box (X Windows or MS Windows) by importing the remote dump file. You can set a cron job to archive dumps on the remote boxes hourly, daily or whatever floats your boat.
That's how I'd do it anyway.
-b
edit: sorry I didn't answer your question about watching all boxes at once. A suggestion would be to append all the live dumps to the same file. >> should work. And then monitor that file with ethereal. Not sure if ethereal will continually reload the file though.
Last edited by bignerd; 11-16-2004 at 03:07 PM.
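
Combining dump files from several monitor boxes into one file for Ethereal, as raised in the reply above, has to account for the pcap format: every file written by tcpdump -w starts with its own 24-byte global header, followed by packet records with a 16-byte header each. The following is an added example, not code from the thread; it parses classic pcap dumps and merges their packets by timestamp. The function names `read_pcap`, `merge_pcaps` and `sample_dump` are hypothetical, and the sample dumps are constructed.

```python
import heapq
import struct

MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps

def read_pcap(data):
    """Parse one dump; return (linktype, snaplen, [(ts, orig_len, payload)])."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    for endian in ("<", ">"):  # the magic number tells us the writer's byte order
        if struct.unpack(endian + "I", data[:4])[0] == MAGIC:
            break
    else:
        raise ValueError("not a classic pcap file")
    snaplen, linktype = struct.unpack(endian + "II", data[16:24])
    packets, off = [], 24
    while off + 16 <= len(data):
        sec, usec, incl, orig = struct.unpack(endian + "IIII", data[off:off + 16])
        payload = data[off + 16:off + 16 + incl]
        if len(payload) < incl:  # dump copied while still being written
            break
        packets.append(((sec, usec), orig, payload))
        off += 16 + incl
    return linktype, snaplen, packets

def merge_pcaps(dumps):
    """Merge dumps into one little-endian pcap ordered by timestamp.
    Assumes each dump is already in capture order, as tcpdump -w writes it."""
    parsed = [read_pcap(d) for d in dumps]
    linktypes = {p[0] for p in parsed}
    if len(linktypes) != 1:
        raise ValueError("need dumps of one link type, got %s" % sorted(linktypes))
    snaplen = max(p[1] for p in parsed)
    out = [struct.pack("<IHHiIII", MAGIC, 2, 4, 0, 0, snaplen, linktypes.pop())]
    for ts, orig, payload in heapq.merge(*(p[2] for p in parsed), key=lambda r: r[0]):
        out.append(struct.pack("<IIII", ts[0], ts[1], len(payload), orig) + payload)
    return b"".join(out)

def sample_dump(endian, records):
    """Constructed test dump: Ethernet link type (1), snaplen 65535."""
    hdr = struct.pack(endian + "IHHiIII", MAGIC, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(
        struct.pack(endian + "IIII", s, u, len(p), len(p)) + p for s, u, p in records)

if __name__ == "__main__":
    box_a = sample_dump("<", [(100, 0, b"a1"), (102, 0, b"a2")])  # constructed
    box_b = sample_dump(">", [(101, 500, b"b1")])                 # constructed
    merged = merge_pcaps([box_a, box_b])
    print([payload for _, _, payload in read_pcap(merged)[2]])
```

Timestamps from different boxes only interleave meaningfully if the boxes' clocks are synchronized.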

11-16-2004, 04:09 PM
#3
LQ Newbie
Registered: Nov 2004
Location: Toronto
Posts: 2
Original Poster
Thanks for the reply.
What I am looking for, though, is something that would allow me to capture from a port remotely, I think. In that way, I would not have to run either ethereal or tcpdump on the monitor boxes (PII 350's, so every CPU cycle is important).
I have thought of an approach similar to what you are suggesting, and it would add a historical functionality, but Ethereal does allow more interactive trace capabilities, and that is what my users require.
I found rpcap on Sourceforge, which purports to allow one host to capture from another host's port, but it seems to have been in alpha since October 2002. I don't really want to risk that...
I have investigated tunneling, but that seems to require an IP address on the passive port, and I want to keep the port truly passive (absolutely NO TX data).
Any ideas?
Thanks,
Mark.
Last edited by MarkMcQ; 11-16-2004 at 04:11 PM.

All times are GMT -5.