
Re: [LUG] Monitoring another machine's network traffic


On Thu, 12 Nov 2009, Grant Sewell wrote:

Hi all,

We have some energy-monitoring networked devices in the office and we need to know how frequently our devices request NTP (UDP#123) info. Is there any way to monitor another machine's network traffic from a Linux machine?

To monitor another machine from one machine, you need one of a few things:

So one thing might be a daemon running on the remote device which reports back to a central server, or which would allow a central server to poll. SNMP comes to mind, but it requires the supporting software on the target device.

Another way might be to monitor the network traffic directly, but to do that you need to be in-line with the traffic (i.e. have 2 Ethernet interfaces and act like a router/switch). If your main router is a Linux box, this might be possible - trivial with tcpdump (or tshark), etc.

If you can't get in-line with the traffic, then there is a method called ARP Cache Poisoning to get yourself into the stream.

If you have a posh managed switch, then it may have monitoring capabilities where it shoves all traffic down one port regardless of the switch target (and I've forgotten the term for this - port mirroring?)

Another way would be to put the device(s) and monitoring PC on an old Ethernet hub (not a switch), then you can snoop all the traffic (tcpdump, etc.) without the above approach...

I'm sure there may be others (eg. ntop as Neil suggests), but the key thing is getting your monitoring machine to be part of the data stream which it normally isn't on a modern switched Ethernet network.

Hm. Thought of another - turn on firewalling on the router, block port 123, if it supports it and look at the logs...

Gordon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
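Once a capture has been taken from a point that sees the devices' traffic (router, mirror port or hub, as Gordon describes, e.g. `tcpdump -i eth0 -w ntp.pcap udp port 123`), something still has to count the requests per device and work out the polling interval. The script below is an added example, not from the thread; it parses the classic libpcap file format by hand so it runs offline, and the capture at the bottom is constructed, not real traffic.

```python
import struct
from collections import defaultdict

def ntp_requests(pcap_bytes):
    """Return {src_ip: [timestamps]} for every UDP datagram sent to port 123."""
    magic, = struct.unpack_from("<I", pcap_bytes, 0)
    endian = "<" if magic == 0xA1B2C3D4 else ">"          # capture byte order
    linktype, = struct.unpack_from(endian + "I", pcap_bytes, 20)
    assert linktype == 1, "example handles Ethernet (DLT_EN10MB) captures only"
    seen, off = defaultdict(list), 24                       # skip global header
    while off + 16 <= len(pcap_bytes):                      # per-packet record header
        ts_sec, ts_usec, caplen, _ = struct.unpack_from(endian + "IIII", pcap_bytes, off)
        frame = pcap_bytes[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # not IPv4
            continue
        ihl = (frame[14] & 0x0F) * 4                        # IPv4 header length
        if frame[23] != 17 or len(frame) < 14 + ihl + 8:    # not UDP / truncated
            continue
        dst_port, = struct.unpack_from(">H", frame, 14 + ihl + 2)
        if dst_port == 123:
            src = ".".join(str(b) for b in frame[26:30])    # IPv4 source address
            seen[src].append(ts_sec + ts_usec / 1e6)
    return dict(seen)

def poll_intervals(requests):
    """Mean seconds between successive requests per source (None if only one seen)."""
    return {src: (max(ts) - min(ts)) / (len(ts) - 1) if len(ts) > 1 else None
            for src, ts in requests.items()}

# Constructed sample capture: device .20 polls every 64 s, .21 every 1024 s,
# .22 was seen once, and one non-NTP datagram (port 80) must be ignored.
def _frame(src_ip, dst_port):
    src = bytes(int(x) for x in src_ip.split("."))
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 76, 0, 0, 64, 17, 0, src, bytes([10, 0, 0, 1]))
    udp = struct.pack(">HHHH", 40000, dst_port, 56, 0) + b"\x00" * 48  # NTP-sized payload
    return b"\xff" * 6 + b"\x00" * 6 + b"\x08\x00" + ip + udp

def _pcap(records):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header
    for t, frame in records:
        out += struct.pack("<IIII", int(t), 0, len(frame), len(frame)) + frame
    return out

SAMPLE = _pcap([(0, _frame("192.168.1.20", 123)), (64, _frame("192.168.1.20", 123)),
                (128, _frame("192.168.1.20", 123)), (5, _frame("192.168.1.21", 123)),
                (1029, _frame("192.168.1.21", 123)), (7, _frame("192.168.1.22", 123)),
                (50, _frame("192.168.1.21", 80))])
```

Filtering on destination port 123 counts client requests; if a device binds its own source port to 123 (symmetric mode), server replies would also match, so restrict the capture to the devices' addresses in that case.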