PDA

View Full Version : Check my work........



internetmafia
10-13-2003, 10:31 PM
just wondering if this would work, i dont want to loose my 100mbit switched and still want to sniff. so i was thinking i could put a 10mbit hub off my router's Wan port, use a second NIC with a non-routable IP and get the stream on its trip to and from the cable modem. would this work or does the NAT fuction of the router mess up the packets too much?

fryfrog
10-13-2003, 11:21 PM
if the switch isn't built into your router, put the hub between your current switch and the internal side of your router. then it will be much easier to monitor sessions by mac address or ip. Since the wan connection is only 10mbit anyway, you will only be limiting traffic speeds bound for the wan side right before the router (instead of going the same speed on the wan side).

That is actually how I was sniffing for a while.

Tor K'tal
10-14-2003, 03:28 AM
My first guess with out knowing what your router really is (brand/make model, link) would be that you couldn't put a hub on the WAN port at all, but that is cause when I think of a router I think of mine specificly which doesn't allow me to plug an ethernet device on the WAN side. This isn't to say that you don't have an 10-baseT ethernet to 10-BaseT ethernet router and could actually do it. Most common home use specifi routers are one of the following: a DSL router - with modem device built in, a Cable Modem - with router built in, or a Cable/DSL router device from someone like linux that is actually a ethernet to ethernet with a few extra features.

A little more information might help.

If you do have an ethernet to ethernet device that is between your Cable Modem and your switch, the NAT (more acturately PAT/NAT Overload) would seriously effect your ability to monitor an EQ session properly if you had more than one session running, if you only had 1 session it might work. You could monitor the IP address of the WAN port and it would pick up every EQ session running on the "inside" of the network since the EQ Servers send all packets to the IP address of the router. The router then breaks them up and sends them to the proper computer internally with the proper IP Address of the computer. So SEQ wouldn't be able to distingiush between sessions. And yet another catch... if you really do have a full blown NAT in place (multiple valid IP address for use on the internet that is managed by the router/firewall) it would work just fine because you would be able to monitor the WAN address.


Lastly as fryfrog pointed out you could go router -> hub -> switch. Then hang your SEQ machine off the hub and all other machines off the switch. Here again is another assumption on my part about how big your internet pipe is, but most broadband solutions don't provide enough bandwidth to cause a noticable slow down if you use the hub in that situation. Most Broadband connections are measured in Kbs and very low number of Mbs (1 or 2). The plus side to this setup is that for all your machines connected on the switch they still get the switch level of 100Mb communication to each other, exact the SEQ machine, but since the connection to the internet is so limited and so much less than your network can support in bandwidth you shouldn't notice any change in performance there.


Too technical of an answer?

~ TK

S_B_R
10-14-2003, 09:18 AM
Putting a hub in between the WAN port and you cablemodem will work. As Tor K'tal said you'll need to have SEQ sniff your external (public) IP address. You'll also have to turn on "Session Tracking" if you plan on running more than 1 EQ client on your private network.