[lug] connection path

Nate Duehr nate at natetech.com
Sat Nov 10 23:35:16 MST 2001


Or if it's a smarter switch you can configure the switch to "span" or
"mirror" two ports together temporarily making those two ports a
mini-hub on that switch for monitoring purposes.

Also be careful putting a hub in there if your cards in the "monitor"
machine and the "box a" machine can't reconfigure from 100/full-duplex
to 100/half-duplex on-the-fly... you'll down your "box a" machine from
the network if it can't deal with the changeover.  (Or worse, a
100/full-duplex to 10/half-duplex change.)

This is one of the reasons that if the switch can do it, it's probably
better to do it in the switch.

Nate Duehr, nate at natetech.com

On Mon, 2001-11-05 at 16:07, John Hernandez wrote:
> The problem here is that your monitoring station is connected to a 
> switch.  You'll only see broadcast traffic.  If the switch is capable, 
> you could try to "mirror" or "replicate" the box a port to your 
> monitoring port.  Otherwise, to see unicast traffic, you'll probably 
> need to insert a plain old hub, like this:
> 
> 
>              |                  |
>              |                  |
>          ____|___            ___|____
>          |router|            |router|
>          --------            --------
>              |                  |
>              |                  |
>          ----------------------------
>          |         switch           |
>          ----------------------------
>                    |
>                    |
>                 -------
>                 | hub |
>                 -------
>                  |   |
>               box a  monitor
> 
> 
> 
> 
> Chuck Wiechman wrote:
> 
> > You can tell by the MAC address which router a packet came from.
> > 
> > 
> > On Mon, 5 Nov 2001, Kyle Moore wrote:
> > 
> > 
> >>If I have a system that sits on a network that two routers serve, is there
> >>any way to tell which one a connection came through? I have two T1's from
> >>different providers that come through two different routers. Both of the
> >>routers' internal interfaces are on the same subnet. If a connection is
> >>made from a machine on the net to a server is there any way I can tell
> >>from the monitoring box which router the connection was made? The key is
> >>using only the monitoring box to identify this info instead of info from
> >>any other system.
> >>
> >>I ran tcpdump -n -w logfile and I can see the arp requests but that is
> >>about it.
> >>
> >>            |                  |
> >>            |                  |
> >>        ____|___            ___|___
> >>        |router|            |router|
> >>        --------            --------
> >>            |                  |
> >>            |                  |
> >>        ----------------------------
> >>        |         switch           |
> >>        ----------------------------
> >>                  |        |
> >>                  |        |
> >>               -------    ---------
> >>               |box a|    |monitor|
> >>               -------    ---------
> >>
> >>
> >>---
> >>Kyle Moore
> >>
> >>_______________________________________________
> >>Web Page:  http://lug.boulder.co.us
> >>Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> >>
> >>
> > 
> 
> 
> -- 
> 
>    - John Hernandez - Network Engineer - 303-497-6392 -
>   |  National Oceanic and Atmospheric Administration   |
>   |  Mailstop R/OM12. 325 Broadway, Boulder, CO 80305  |
>    ----------------------------------------------------
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
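
An added example, not part of the original thread: it applies the MAC-address suggestion quoted above to a capture file such as the one written by `tcpdump -n -w logfile`, counting new inbound TCP connections per router by the source MAC of each SYN frame. The router MACs, IP addresses and sample frames are constructed placeholders, and the capture is assumed to come from a mirrored switch port or a hub so that unicast traffic to box a is visible.

```python
import struct
from collections import Counter

# Assumed (hypothetical) inside-interface MACs of the two routers; on a real
# network take them from the ARP traffic the monitor already sees.
ROUTERS = {"00:00:5e:00:53:01": "router-1", "00:00:5e:00:53:02": "router-2"}

def inbound_syns(pcap: bytes, routers=ROUTERS) -> dict:
    """Count TCP SYN (no ACK) frames per source MAC in a classic pcap file."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # short frame or not IPv4 (ARP and so on)
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 6 or len(frame) < 14 + ihl + 14:
            continue  # not TCP, or TCP header cut off by the snap length
        flags = frame[14 + ihl + 13]
        if flags & 0x12 == 0x02:  # SYN set, ACK clear: a new connection
            src_mac = frame[6:12].hex(":")
            counts[routers.get(src_mac, "other " + src_mac)] += 1
    return dict(counts)

def sample_frame(src_mac: str, tcp_flags: int) -> bytes:
    """Constructed frame: Ethernet + 20-byte IPv4 + 20-byte TCP header."""
    eth = bytes.fromhex("02000000000a" + src_mac.replace(":", "")) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([198, 51, 100, 7]), bytes([192, 0, 2, 10]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, tcp_flags, 8192, 0, 0)
    return eth + ip + tcp

def sample_pcap(frames) -> bytes:
    """Wrap constructed frames in a little-endian classic pcap container."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed capture: three SYNs via known routers, one ACK, one unknown MAC.
SAMPLE = sample_pcap([sample_frame(m, fl) for m, fl in [
    ("00:00:5e:00:53:01", 0x02), ("00:00:5e:00:53:02", 0x02),
    ("00:00:5e:00:53:01", 0x02), ("00:00:5e:00:53:01", 0x10),
    ("00:00:5e:00:53:99", 0x02)]])
```

A source MAC that matches neither router is reported under its own address, which on a shared subnet points at a local host or an unexpected gateway.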




