mrcadack
Posts: 5
Joined: Mon Aug 12, 2013 8:43 pm

port monitoring

Wed Feb 05, 2014 3:56 pm

*average *nix knowledge but this is new ground for me.

I'm trying to monitor an ethernet switch which has an interface set to monitor and I'm having a few issues.

I have the r-pi stock ethernet adapter plugged into the switch so I can ssh into the Pi, then a USB ethernet adapter plugged into my monitoring adaptor on the switch.
so: eth0 is ssh (assigned IP by router)
eth1 monitor.

I can start tcpdump, which outputs a steady stream on eth0, but on eth1 it outputs a few lines then quickly locks me out of ssh. When I try to dump the output to a file, eth0 will write fine but no data is written from eth1.

my ifconfig shows:

eth0      Link encap:Ethernet HWaddr b8:27:eb:a8:0f:ca
          inet addr:192.168.1.72 Bcast:192.168.1.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:1814 errors:0 dropped:0 overruns:0 frame:0
          TX packets:172 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:134168 (131.0 KiB) TX bytes:31730 (30.9 KiB)

eth1      Link encap:Ethernet HWaddr 00:e0:4c:53:44:58
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:1516 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:111072 (108.4 KiB) TX bytes:88 (88.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

This is from a fairly plain Raspbian with libpcap. Raspbian detected the USB ethernet adapter and I have not configured anything else.

Do I need to configure eth1 in any way to listen to this port?

Many thanks for sticking with me on this!

Richard-TX
Posts: 1549
Joined: Tue May 28, 2013 3:24 pm
Location: North Texas

Re: port monitoring

Wed Feb 05, 2014 4:28 pm

It would be helpful if we knew the make and model of the switch. The reason is that there are a few different definitions of "port monitoring" and how and where that reporting occurs.

What options are you giving to tcpdump?

How do you have the ports defined in the switch?

Too many possibilities at this time to even venture a guess.
Richard
Doing Unix since 1985.
The 9-25-2013 image of Wheezy can be found at:
http://downloads.raspberrypi.org/raspbian/images/raspbian-2013-09-27/2013-09-25-wheezy-raspbian.zip

mrcadack
Posts: 5
Joined: Mon Aug 12, 2013 8:43 pm

Re: port monitoring

Thu Feb 06, 2014 9:26 am

Many thanks for the reply and sorry for being vague,

I believe my issues have been resolved.
For anybody else having issues - it looks like the network adaptor wasn't up to the job. I was using the cheap blue ethernet adaptor from Amazon:
http://www.amazon.co.uk/Ethernet-RJ45-N ... et+adapter

I swapped the cables to use the onboard adaptor as the switch monitor (which was a Netgear GS724T) and the USB adaptor to ssh into the Pi.

This seems to have done the trick if anybody else has the same issues.
