With regard to switches and sniffing:
Cisco and HP switches can be set to "echo" traffic to
a "spanning port" (Cisco's terminology). Any reasonably
manageable switch should be able to do this. You WILL
need console or telnet access to the switches in
question, though.

WRT sniffing vs. kernel logging:
Sniffing with tcpdump can get you loads more info than just
logging instances of IP packets in the kernel. Set tcpdump to
snag entire packets, then dump tcpdump output into ethereal.

WRT ipchains:
Those lines appear syntactically correct, assuming that your machine
is a gateway for the target device.
You probably only need the 'input' filter though.

Bret Hughes wrote:
>
> Mike -
> My guess is that the user might not be needing to send packets through this
> box? This will only log packets (assuming the rules are correct and I
> think you might need an interface). Perhaps tcpdump is what you want.
> You will need to place the machine in a location on the network that the
> packets will hit the NIC being dumped. Switches are probably not your
> friend in this case since the only packets that are sent down a particular
> wire are for machines that are down the link. I have 0 experience with
> them and there may be a way to get it to work anyway.
>
> Bret
>
> Mike Lewis wrote:
>
> > I'm trying to track a certain user's Internet activities on my network.
> > I've installed the following ipchains rules, but it isn't working.
> >
> > $IPCHAINS -A input -l -s 192.168.1.147 -d 0/0 -j ACCEPT
> > $IPCHAINS -A output -l -s 192.168.1.147 -d 0/0 -j ACCEPT
> >
> > Is there an easier/better method to accomplish this? I don't wish to
> > install tracking for all users, just certain isolated cases.
> >
> > Thanks for any help,
> > Mike
> >
> > --
> > To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> > as the Subject.
>
--
-------------------------------------
Sam Bayne - System Administrator
North Seattle Community College
[EMAIL PROTECTED] (206)527-3762
=====================================
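
Added example, not part of the original thread: the `-l` rules discussed above write only header fields to the kernel log, and this Python script tallies what one host sent, per destination, from those lines. It assumes the "Packet log:" line layout documented in the IPCHAINS-HOWTO; the sample lines are constructed, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines in the "Packet log:" layout documented
# by the IPCHAINS-HOWTO for rules carrying -l; not taken from the thread.
SAMPLE_LOG = """\
Mar  3 10:15:01 gw kernel: Packet log: input ACCEPT eth1 PROTO=6 192.168.1.147:1034 203.0.113.10:80 L=60 S=0x00 I=4121 F=0x4000 T=64 SYN (#1)
Mar  3 10:15:01 gw kernel: Packet log: output ACCEPT eth0 PROTO=6 192.168.1.147:1034 203.0.113.10:80 L=60 S=0x00 I=4121 F=0x4000 T=63 SYN (#1)
Mar  3 10:15:02 gw kernel: Packet log: input ACCEPT eth1 PROTO=6 192.168.1.147:1034 203.0.113.10:80 L=552 S=0x00 I=4122 F=0x4000 T=64 (#1)
Mar  3 10:15:04 gw kernel: Packet log: input ACCEPT eth1 PROTO=17 192.168.1.147:1035 198.51.100.5:53 L=58 S=0x00 I=4123 F=0x0000 T=64 (#1)
Mar  3 10:15:05 gw kernel: Packet log: input ACCEPT eth1 PROTO=6 192.168.1.20:2001 203.0.113.10:80 L=60 S=0x00 I=77 F=0x4000 T=64 SYN (#2)
"""

LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) "
    r"L=(?P<length>\d+)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_line(line):
    """Return the logged header fields as a dict, or None for other syslog lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length"):
        rec[key] = int(rec[key])
    return rec

def summarize(log_text, host, chain="input"):
    """(packets, bytes) sent by host per (proto, dst, dport); one chain only, so a forwarded packet logged on input and output is counted once."""
    totals = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["chain"] != chain or rec["src"] != host:
            continue
        proto = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
        key = (proto, rec["dst"], rec["dport"])
        totals[key][0] += 1
        totals[key][1] += rec["length"]
    return {k: tuple(v) for k, v in totals.items()}

if __name__ == "__main__":
    for (proto, dst, port), (pkts, size) in sorted(summarize(SAMPLE_LOG, "192.168.1.147").items()):
        print(f"{proto:4} {dst}:{port:<5} packets={pkts} bytes={size}")
```

The summary contains addresses, ports and packet lengths only; payload contents require a full-packet capture such as the tcpdump approach mentioned in the message.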