RE: [fw-wiz] linux on an s390, in a switched env, how to sniff?
From: Sloane, David (DSloane_at_vfa.com)
Date: 08/20/03
- Previous message: Mark Sargent: "[fw-wiz] Topic: Can't Network 2 Win2kPro Machines with Kerio"
- Maybe in reply to: R. DuFresne: "[fw-wiz] linux on an s390, in a switched env, how to sniff?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "R. DuFresne" <dufresne@sysinfo.com>, <firewall-wizards@honor.icsalabs.com> Date: Tue, 19 Aug 2003 19:44:36 -0400
Ron,
If you control the switch and the patch panel, it may not be that hard.
If it's a Cisco Catalyst switch, this may work:
interface FastEthernet0/10
port monitor FastEthernet0/20
This sends all port 20's traffic to port 10 (along with any port 10's
usual traffic), so you can sniff your S390 (or any other box) from any
port on the same switch. The switch can generally handle the traffic
across it's backplane, but you could lose packets when combining two
busy ports.
If you have the ports and nics, you'd be better off with a very fast
port monitoring a slower port, like so:
interface GigabitEthernet1/01
port monitor FastEthernet0/20
But that's probably overkill.
I suspect other mid- to high-end managed switches provide similar
functionality (I think I've seen it on 3Com SuperStack's), but I don't
know how they do it.
-David
-----Original Message-----
From: R. DuFresne [mailto:dufresne@sysinfo.com]
Sent: Friday, August 15, 2003 11:57 AM
To: 'firewall-wizards@honor.icsalabs.com'
Subject: [fw-wiz] linux on an s390, in a switched env, how to sniff?
Folks,
With a linux image on the mainframe, in a switched environ, tcpdump's
not useful, and redhats old 7.2 package for the mainframe is pretty
useless for building the newer ettercap code, unless one has the time to
port in newer glic, pkg-config, gtk, etc.... prettin-near a rebuild of
the whole offering. And since a newer redhat version for this platform
is not fully supported as yet <perhaps sept?> are there any other simple
tools that can sniff in a switched env I might compile here. I do not
need alot of bells and whistles, just a tool that can be used in tracing
down connectivity issues.
Thanks,
Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart
testing, only testing, and damn good at it too!
_______________________________________________
firewall-wizards mailing list firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Mark Sargent: "[fw-wiz] Topic: Can't Network 2 Win2kPro Machines with Kerio"
- Maybe in reply to: R. DuFresne: "[fw-wiz] linux on an s390, in a switched env, how to sniff?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
