1
I have just bought my own Raspberry Pi, and I want to log all networking traffic on an Ethernet cable by using the internal network card and an USB network card
I have tried by using
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig br0 up
But it does not work as I want it to use it as an anonymous bridge, so all MACs and so on is send directly to the router, so it does not know about the network sniffer
But how do I do that?
I would also like to log it to a file instead of using Wireshark, but does anybody know about such program?
UPDATE
I figured it out. The ISP's box was taking very long time to gain signal, so I did not wait for too long before now
I also figured out, I could use ifconfig eth0 0.0.0.0 to unset the IP address on the network card
The87Boy
Posted 2013-03-14T19:19:07.153
Reputation: 125
I believe Wireshark is exactly what you want... I'm fairly certain you can operate it via the command line, and dump packet logs to files.
– Breakthrough – 2013-03-14T19:22:13.900How doesn't it work? I've done the exact same thing several times (bridged two network cards), it worked perfectly. If you don't assign any IP addresses to your interfaces (br0, eth0, eth1), but make sure they're all up, your system will act exactly like a hardware switch. – Ambroz Bizjak – 2013-03-14T19:26:18.670
I am trying to log the traffic to my ISP's IP-TV box, but it keeps saying, that the signal is disconnected, that is all I can say as the box does not give me any further information – The87Boy – 2013-03-14T19:29:24.953
You should verify your setup by hooking up a PC to your LAN over your bridge. – Ambroz Bizjak – 2013-03-14T19:31:32.670
Also be sure to check if both network cards indicate that the link is up, using "ip link show" and making sure both eth0 and eth1 have the RUNNING flag. If one doesn't, it's most likely that you need to use a reversed cable (straight/crossover) because neither of the two network cards on the link support auto detection. – Ambroz Bizjak – 2013-03-14T19:33:47.520
@AmbrozBizjak What do you mean by not assign any IP addresses to my interfaces? It gets it automatically on
eth0(by/etc/network/interfaces), but can I unset it in any ways? – The87Boy – 2013-03-14T19:34:32.340The auto-configuration is probably not breaking it, but anyway I think you can disable it by editing /etc/network/interfaces and removing the eth0 configuration. Or maybe something more needs to be done, google it. – Ambroz Bizjak – 2013-03-14T19:37:09.277
@AmbrozBizjak None of the interfaces is showing
RUNNINGusingip link show, but if I useifconfigthey are both UP and RUNNING – The87Boy – 2013-03-14T19:44:27.993The answer here may help with your problem:
http://raspberrypi.stackexchange.com/questions/5319/how-do-i-route-between-subnets-on-a-single-ethernet-interface
@Joseph this is about making a router, the question specifically mentions that his sniffer should be transparent (and a NAT router definitely isn't). – Ambroz Bizjak – 2013-03-14T20:01:26.233
If you have solved your problem, post your solution as an answer rather than as an edit to the question. – Scott – 2013-03-14T22:24:34.913
@The87Boy: It sounds like you forgot to turn STP off. – David Schwartz – 2013-03-15T10:57:05.750
@AmbrozBizjak That is why I said "may help". – Joseph – 2013-03-15T14:08:14.730