[clue-tech] The Rogue Uploader
Ken MacFerrin
lists at macferrin.com
Tue Jan 30 22:26:29 MST 2007
David L. Willson wrote:
> My pipe runneth over...
>
> I have a constant upload rate of 200Kb, which surges to 1.6Mb for long enough to make my
> users cranky. Sometimes, I even have to power-cycle the router to calm things down.
> Bleah...
>
> As I understand it, I can put a hub with three lines in place of the line from my
> network to the router, and I can run the 3rd line to my Linux laptop in promiscuous
> mode, and then I will be able to audit all the Internet traffic to and from my network
> from my laptop.
This will work if you have a true "hub" that mirrors traffic to every
port but not with a typical switch. There are a couple of options for
physical setup that can be found here:
http://wiki.wireshark.org/CaptureSetup/Ethernet
My preferred method is to use a managed switch that has the ability to
mirror ports. It's probably the most expensive option ($200+), but can
provide extra bennies like gigabit, vlans, Qos, etc with the hardware.
Depending on your existing equipment, the cheapest way is probably to
insert a machine with two NICs in the middle of the connection and run
it bridged and then listening with Wireshark to one of the two NICs.
-Ken
More information about the clue-tech
mailing list