Firewall Wizards mailing list archives

RE: linux on an s390, in a switched env, how to sniff?

From: "Sloane, David" <DSloane () vfa com>
Date: Tue, 19 Aug 2003 19:44:36 -0400

Ron,

If you control the switch and the patch panel, it may not be that hard.

If it's a Cisco Catalyst switch, this may work:

        interface FastEthernet0/10
         port monitor FastEthernet0/20

This sends all port 20's traffic to port 10 (along with any port 10's
usual traffic), so you can sniff your S390 (or any other box) from any
port on the same switch.  The switch can generally handle the traffic
across it's backplane, but you could lose packets when combining two
busy ports.

If you have the ports and nics, you'd be better off with a very fast
port monitoring a slower port, like so:

        interface GigabitEthernet1/01
         port monitor FastEthernet0/20

But that's probably overkill.

I suspect other mid- to high-end managed switches provide similar
functionality (I think I've seen it on 3Com SuperStack's), but I don't
know how they do it.


-David


-----Original Message-----
From: R. DuFresne [mailto:dufresne () sysinfo com] 
Sent: Friday, August 15, 2003 11:57 AM
To: 'firewall-wizards () honor icsalabs com'
Subject: [fw-wiz] linux on an s390, in a switched env, how to sniff?



Folks,

With a linux image on the mainframe, in a switched environ, tcpdump's
not useful, and redhats old 7.2 package for the mainframe is pretty
useless for building the newer ettercap code, unless one has the time to
port in newer glic, pkg-config, gtk, etc.... prettin-near a rebuild of
the whole offering.  And since a newer redhat version for this platform
is not fully supported as yet <perhaps sept?> are there any other simple
tools that can sniff in a switched env I might compile here.  I do not
need alot of bells and whistles, just a tool that can be used in tracing
down connectivity issues.

Thanks,


Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

_______________________________________________
firewall-wizards mailing list firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

linux on an s390, in a switched env, how to sniff? R. DuFresne (Aug 15)
- <Possible follow-ups>
- RE: linux on an s390, in a switched env, how to sniff? Sloane, David (Aug 20)