 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Monowall to Cisco VPN
 Date:  Wed, 2 Mar 2005 13:53:51 -0500
On Wed, 2 Mar 2005 12:59:51 -0500, Claude Morin <klodefactor at gmail dot com> wrote:
> At this point it's probably best to do something like:
>         m0n0wall-----hub**-----Internet-----Cisco831
>                             |
>                         sniffer
>                            PC
> and watch, packet by packet, to confirm what's missing, and from which
> end.  For sniffing, I use Ethereal pretty much exclusively these days;
> it's supported on many platforms, including MS Windows.

Agreed, this is the next step I'd take as well. 

> ** For the less experienced people following this discussion: it's
> important to use a true hub in the pictured configuration, not a
> dual-speed hub unless you're sure all three devices are communicating
> at the same speed, and definitely not a switch.  Otherwise, the
> sniffer PC won't see the traffic between the m0n0wall and the
> Internet.

For those that might be wondering why, a 10/100 hub is a 10 Mb hub and
a 100 Mb hub connected by an internal switch between the two.  You
can't put two speeds on a true hub.  So to ensure you're seeing all
the traffic, you either need to make sure it's a true hub, or the
devices are all the same speed.  If you have a managed switch, it
should have port monitoring or SPAN capabilities, which will also
suffice when configured appropriately.