Wireshark · Ethereal-users: [Ethereal-users] Re: Looking for a new non-switched hub

Ethereal-users: [Ethereal-users] Re: Looking for a new non-switched hub

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Fri, 27 Jun 2003 04:31:50 -0400

To solve this problem I use a full-duplex ethernet wiretap device from www.criticaltap.com .

These are failsafe devices intended for invisible use to insert an Intrusion Detection System (e.g. snort, NFR, ISS, etc).

This presents 2 capture streams on separate interfaces.
I have a PC laptop with 2 LAN interfaces (one on motherboard and one PCCard/PCMCIA).
I use 2 iterations of tethereal, one collecting on eth0 and one collecting on eth1.
When collection is complete I use mergecap to create a single capture file.
Works a treat: RedHat 7.3, Ethereal 0.9.9


While I'm on my soapbox...

For the "ring buffer" type situation I just use tethereal running from cron for a fixed length of time. Again works perfectly.


Thanks to all the Ethereal team for a superb system. I've been using T&M kit for 20 years and Ethereal is right up there with the best.

Regards, Tim Everitt.
Aberdeen, Scotland.

Follow-Ups:
- Re: [Ethereal-users] Re: Looking for a new non-switched hub
  - From: Ronnie Sahlberg

Prev by Date: [Ethereal-users] about delay and jitter analysis
Next by Date: Re: [Ethereal-users] Re: Looking for a new non-switched hub
Previous by thread: [Ethereal-users] about delay and jitter analysis
Next by thread: Re: [Ethereal-users] Re: Looking for a new non-switched hub
Index(es):
- Date
- Thread