Fantastik
06-20-2003, 11:31 AM
Currently with SEQ there are 3 ways to sniff packets:
1) Connect the SEQ and the EQ box to a hub so that the SEQ box has direct access to the packets as they are broadcast through the hub.
2) Connect the EQ box with a Xover cable to the SEQ box. A little route/iptables magic and you are NAT/forwarding through the SEQ box so that it has direct access to the packet stream.
3) Wireless: Get a (rare) wireless card that is able to be set in promiscuous (sp? My spelling sucks) mode and access the packet stream through the air. Most cards don't fully support this.
Ok, here is the deal. I'm currently using option 2. I have used option 1 in the past. I'm consolidating my home network into a nice 19 inch rack beside my desk (shorty 14U) and I'm rethinking my wiring. Let me explain my needs, the ideal network setup, and how this setup messes up SEQ.
I have a wireless broadband link on my roof (8Mbit). The dish has a coax cable hookup to it. I currently have it snaking through my house into the crawlspace where the amp for the signal sits, then a linux firewall, and a wireless hub.
My wife has a box in the house, hooked up via wireless (windows). I have 2 boxes beside my desk: a dedicated Windows/EQ box, and a second box that has Windows and linux on it. I dual box with it, or use it to run SEQ. The dual box has a wireless card in it. It NATs in both windows and linux and forwards packets via an ethernet Xover cable to the dedicated Windows box that is physically 12 inches away.
I have a 4th box in my house that is a media/backup box. It sits by my study TV. It runs linux, acts as my TIVO, plus runs samba and is the netmount for all the serious storage my wife uses (read digital pictures). It has a dvd-rw and I do backups off that box too. Plus I can burn TIVO shows I want to save. It also houses my collection of FLAC and OGG Vorbis music files (some 500 CDs that I own).
What I WANT to do is this.
I want to put a shorty 19 inch rack next to my desk and rack up some of these boxes, and consolidate my network mess. I want to move the firewall and the wireless hub to the rack. I want to put my EQ box and my SEQ box in the rack. I want to get one of those sweet 1U APC Smart UPS and shove that in the bottom to power the rack... no more getting dumped out of EQ when the power flickers. I want to get a 19 inch rackmount SWITCH (with at least 2 Gigabit ports). I want to move the data storage off the media box by the TV. Change the media box to a Micro ATX (maybe micro ITX) and just have it service the TV, and relay streams to the stereo. I want the data and backup to be moved to the firewall box housed in the rack. My wife's box stays as is via wireless.
The rest of the boxes that were wireless, I'm going to wire up through the switch. Even with 22Mbit wireless I'm having problems with bandwidth when I'm feeding stuff to the media box, my wife is editing huge digital pictures, etc. I need wired links.
So to reiterate, the new setup will be: Dish coax down to the rack. Coax to Linux firewall in rack. Firewall (doing NAT) to switch. SEQ, EQ, Backup, Media box, Wireless hub, to switch. Wife's box connected via wireless to wireless hub.
Ok, so now you see the problem. Can't sniff a switch. Can't get the packets from EQ to SEQ. I don't want to run a Xover cable like I'm doing through SEQ because:
1) It's more elegant having everything switched
2) It's faster if I'm screwing around doing encoding or something on my linux box while I'm idling in the EQ bazaar or something
3) If I have to reboot the linux box into windows to dual box EQ, or back to linux to use SEQ, my EQ box times out and I get dumped to login. Why? Because it takes a minute or so to reboot before NAT comes back up, timing the EQ box out.
Ok, so you say use a small hub. I have 2 options. I can connect the EQ and SEQ box to the wireless hub and use its 10Mbit hub and not connect directly to the switch. That's bad because I regularly need more bandwidth than that. 3 boxes now going through 1 10Mbit hub: wife, and my 2 boxes. Not good.
I have a spare 4 port 10/100 hub lying around. I could hook the SEQ and EQ boxes to that, and that to the switch. I don't want to do it though because:
1) Not elegant
2) Still slow. I'd like a gigabit link on the linux box. I routinely move large files around and the gigabit would be nice.
3) Not elegant.
What I WANT is to sniff off a switch. Can't be done you say. The question is can it?
I've got a coupla ideas.
1) I've read managed switches allow you to set up rules to share packets between ports. I.e., a switched hub on certain ports. This would solve the problem. The problem is the ones I'm familiar with (Cisco, high end 3com) are 3 grand +. Not an option.
2) This whole mess has a linux firewall at the root of the tree. I think this is where the most promise lies.
2A) IPFilter magic. Is there a way to grab all the packets coming from/going to my EQ box and duplicate them, then send them down to my SEQ box? In theory this IS doable. I'm just not sure how. Anyone do this?
2B) Rip the pcap code out of SEQ. Make it client/server so that the pcap portion can run on any machine and toss the data off to SEQ running on any other machine. There are security problems if used the wrong way. In my architecture there are none because it's switched. Sony would have no way to know that the stream was duplicated and passed to a SEQ that was listening on a port because of the firewall, and being passed through a switch. If someone used this feature without a firewall, or through a hub, it would be a nightmare as Sony could detect the SEQ box if they knew what to look for.
2A seems the most promising for me because I don't have to recode a chunk of SEQ, and it's very elegant. 2B however would definitely work no matter what, and I'm sure a lot of people would use the feature.
So I guess what I'm asking is:
1) Does anyone know any other ways to sniff a switch (without an ARP packet storm)?
2) Does anyone have any ideas how to set up/use IPFilter to do what I want?
3) Would people use option 2B above if I took the time to write it?
I know it's a long post, but I think it encapsulates ALL the possible setup/problems people have had over the years with SEQ.
Thanks!
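Added example for question 2A, not from the post or from SEQ, and on Linux iptables rather than IPFilter: the firewall clones the EQ box's packets to the SEQ box with the TEE target, the same mechanism used to feed a monitoring sensor from a gateway. Addresses, interface name and prefix length are assumptions; the script only prints the rules unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example, not from the post or from SEQ: mirror the EQ box's traffic
# from the Linux firewall to the SEQ box with the iptables TEE target
# (mainline since Linux 2.6.35, xtables-addons before that). TEE hands each
# clone to a next hop, so the SEQ box must be on the firewall's LAN segment.
EQ_IP=${EQ_IP:-192.168.1.10}    # assumed address of the EQ box
SEQ_IP=${SEQ_IP:-192.168.1.20}  # assumed address of the SEQ box
LAN_IF=${LAN_IF:-eth1}          # assumed firewall interface facing the switch
PREFIX=${PREFIX:-24}            # assumed prefix length of that LAN
DRY_RUN=${DRY_RUN:-1}           # 1 = only print the commands, 0 = run them as root

# Dotted quad to 32-bit integer in plain POSIX sh (no python on the firewall).
ip2int() {
    set -- $(printf '%s' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
# same_subnet A B PREFIXLEN prints yes/no; refuses a next hop that TEE could
# not deliver to directly (the clone would go out the default route instead).
same_subnet() {
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    if [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$2") & mask )) ]; then
        echo yes
    else
        echo no
    fi
}
# mirror_rules EQ SEQ IFACE prints one iptables command per line.
# mangle/PREROUTING runs before nat, so outbound packets still carry the EQ
# box's source address; replies reach POSTROUTING after un-NAT, so they
# already carry it as destination.
mirror_rules() {
    printf 'iptables -t mangle -A PREROUTING -i %s -s %s -j TEE --gateway %s\n' "$3" "$1" "$2"
    printf 'iptables -t mangle -A POSTROUTING -o %s -d %s -j TEE --gateway %s\n' "$3" "$1" "$2"
}
apply() {
    if [ "$(same_subnet "$EQ_IP" "$SEQ_IP" "$PREFIX")" != yes ]; then
        echo "SEQ box $SEQ_IP is not on the EQ box's LAN; TEE needs an on-link next hop" >&2
        return 1
    fi
    mirror_rules "$EQ_IP" "$SEQ_IP" "$LAN_IF" | while IFS= read -r cmd; do
        if [ "$DRY_RUN" = 1 ]; then echo "$cmd"; else sh -c "$cmd"; fi
    done
}
# On the SEQ box keep net.ipv4.ip_forward=0: libpcap sees the clones (their
# MAC is the SEQ box's), but a forwarded clone would return to the firewall,
# match the rules again and be cloned again, looping.
apply
```

The SEQ box's capture needs no promiscuous mode, since the clones are addressed to its MAC; only the IP headers still name the EQ box and the game server.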