1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Converting from a hub -> wireless, sniffing issue?

Discussion in 'Networking Issues' started by icyman, Sep 3, 2004.

  1. icyman

    icyman Network Guru Member

    Heyas,

    I've been planning redoing my wired network for a bit now. I am curious if my plan is optimal for my needs. Here goes:

    The old (current) network is an 8 port hub, with 3 computers and my DSL modem connected. The DSL setup is each computer has a static (internal network IP, given to me by my ISP), and each computer uses the DSL modem's IP as its gateway. Since these 3 computers are on a HUB, it's easy to sniff the packets of any of them, from each other. More specifically, there's 1 Linux box, and 2 Windows XP boxes (the Linux box is the one I prefer to use when sniffing packets).

    So, enter wireless SWITCH (WRT54GS). As you all know, sniffing a switch is near impossible (ARP poisoning would be a possibility, but I don't know what issues this may cause my network, so for now, I am avoiding this possibility).

    My solution, is to put the 2 Windows XP machines on the SWITCH, and add a laptop in the near future. Now, in order to still be able to sniff packets, I believe I must do the following:

    Plug the HUB into the WLAN connection on the SWITCH, and put the Linux box and DSL modem on this HUB. Seems like it would work - I dunno, haven't done this yet. ;-)

    Now, as for sniffing packets, since I am outside the SWITCH, (and I *think* I will have to use NAT & DHCP on the switch/router), will they all have the same MAC & IP address (the router's MAC & IP)? This isn't a huge issue, I just want to be aware of exactly what I will be dealing with before I make the plunge on this network redesign.

    Anyway, thanks for reading, if I am incorrect on anything above, or, you can see a more optimal setup - please, let me know.


    Thanks muchly.
     
  2. howser

    howser Network Guru Member

    There are a few options for what you're trying to do. If you're trying to make sure that you're able to sniff everything then your setup is fine. (alternatively it would be nice for sveasoft or someone to allow you to SPAN a port/vlan so that all traffic would be visible to your linux box). However in regard to your mac question:

    The mac address is not rewriten until it hits a router, the IP address stays constant until you hit the nat box. Since the linux box is in front of the router then you'll be fine. Mac header rewrite is done on a router, not on the switch. The switch uses the mac address to create a forwarding table to detemine what ports get what traffic.
     

Share This Page