[lug] connection path

John Hernandez John.Hernandez at noaa.gov
Mon Nov 5 16:07:14 MST 2001 

The problem here is that your monitoring station is connected to a 
switch.  You'll only see broadcast traffic.  If the switch is capable, 
you could try to "mirror" or "replicate" the box a port to your 
monitoring port.  Otherwise, to see unicast traffic, you'll probably 
need to insert a plain old hub, like this:


             |                  |
             |                  |
         ____|___            ___|____
         |router|            |router|
         --------            --------
             |                  |
             |                  |
         ----------------------------
         |         switch           |
         ----------------------------
                   |
                   |
                -------
                | hub |
                -------
                 |   |
              box a  monitor




Chuck Wiechman wrote:

> You can tell by the mac address which router a packet came from.
> 
> 
> On Mon, 5 Nov 2001, Kyle Moore wrote:
> 
> 
>>If I have a system that sits on a network that two routers serve, is there
>>any way to tell which one a connection came through? I have two T1's from
>>different providers that come through two different routers. Both of the
>>routers internal interfaces are on the same subnet. If a connection is
>>made from the a machine on the net to a server is there any way I can tell
>>from the monitoring box which router the connection was made? The key is
>>using only the monitoring box to identify this info instead of info from
>>any other system.
>>
>>I ran tcpdump -n -w logfile and I can see the arp requests but that is
>>about it.
>>
>>            |                  |
>>            |                  |
>>        ____|___            ___|___
>>        |router|            |router|
>>        --------            --------
>>            |                  |
>>            |                  |
>>        ----------------------------
>>        |         switch           |
>>        ----------------------------
>>                  |        |
>>                  |        |
>>               -------    ---------
>>               |box a|    |monitor|
>>               -------    ---------
>>
>>
>>---
>>Kyle Moore
>>
>>_______________________________________________
>>Web Page:  http://lug.boulder.co.us
>>Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>>
>>
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> 


-- 

   - John Hernandez - Network Engineer - 303-497-6392 -
  |  National Oceanic and Atmospheric Administration   |
  |  Mailstop R/OM12. 325 Broadway, Boulder, CO 80305  |
   ----------------------------------------------------

More information about the LUG mailing list