Firewall Wizards mailing list archives

Re: Sniffing DSL Connection

From: Crispin Cowan <crispin () immunix com>
Date: Sun, 14 Sep 2003 17:58:44 -0700

Chuck Swiger wrote:

Jeff_Lopes () groove net wrote:
DSL Modem ---> Hub ---> Linksys Router ---> Internal Machines

I then put a Linux machine on the hub and ran ethereal. No traffic!
Do you have a real IP address from the DSL modem, or does your Linksysdo PPPOE? If it's the latter, all of the IP traffic is beingencapsulated within PPP-- ethereal should still see the traffic, buttrying to match by IP addr will fail.

Or, your "hub" isn't really a hub. I've encountered a recent phenomenawhere network equipment vendors are selling small devices marked as"hubs" that are really switches. For most purposes this doesn't matter,and in fact is just a free upgrade. But if you're trying to use the hubas a network monitoring tap, you're SOL.

Test: put the hub on some other network that you *know* is carryingnormal IP traffic and see if you see anything.


Crispin

--
Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
Chief Scientist, Immunix       http://immunix.com
           http://www.immunix.com/shop/


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Sniffing DSL Connection Jeff_Lopes (Sep 14)
- Re: Sniffing DSL Connection Chuck Swiger (Sep 14)
  - Re: Sniffing DSL Connection Crispin Cowan (Sep 14)
    - Re: Sniffing DSL Connections hr824 (Sep 16)
- Re: Sniffing DSL Connection Ben Nagy (Sep 14)