Firewall Wizards mailing list archives
RE: linux on an s390, in a switched env, how to sniff?
From: "Sloane, David" <DSloane () vfa com>
Date: Tue, 19 Aug 2003 19:44:36 -0400
Ron, If you control the switch and the patch panel, it may not be that hard. If it's a Cisco Catalyst switch, this may work: interface FastEthernet0/10 port monitor FastEthernet0/20 This sends all port 20's traffic to port 10 (along with any port 10's usual traffic), so you can sniff your S390 (or any other box) from any port on the same switch. The switch can generally handle the traffic across it's backplane, but you could lose packets when combining two busy ports. If you have the ports and nics, you'd be better off with a very fast port monitoring a slower port, like so: interface GigabitEthernet1/01 port monitor FastEthernet0/20 But that's probably overkill. I suspect other mid- to high-end managed switches provide similar functionality (I think I've seen it on 3Com SuperStack's), but I don't know how they do it. -David -----Original Message----- From: R. DuFresne [mailto:dufresne () sysinfo com] Sent: Friday, August 15, 2003 11:57 AM To: 'firewall-wizards () honor icsalabs com' Subject: [fw-wiz] linux on an s390, in a switched env, how to sniff? Folks, With a linux image on the mainframe, in a switched environ, tcpdump's not useful, and redhats old 7.2 package for the mainframe is pretty useless for building the newer ettercap code, unless one has the time to port in newer glic, pkg-config, gtk, etc.... prettin-near a rebuild of the whole offering. And since a newer redhat version for this platform is not fully supported as yet <perhaps sept?> are there any other simple tools that can sniff in a switched env I might compile here. I do not need alot of bells and whistles, just a tool that can be used in tracing down connectivity issues. Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- linux on an s390, in a switched env, how to sniff? R. DuFresne (Aug 15)
- <Possible follow-ups>
- RE: linux on an s390, in a switched env, how to sniff? Sloane, David (Aug 20)