Tapping Network Traffic with Fibre devices
The Fibre is not just a stealth-mode filter; it also allows you to tap
the traffic on either side of its filter.
Before you try to tap traffic flowing through a Fibre device, please make sure that you can ping the device at 172.17.172.17.
Port 200 runs a tapping service for the LAN side of the filter; port 201 runs a tapping service for the WAN side of the filter. Both use IP-number 172.17.172.17, which is never visible on the WAN side.
Make a TCP/IP connection to the respective port and send your administration password and a newline. The connection will start dumping traffic in response, until you tear down the connection.
The output is in the format used by tcpdump, and can thus be read by tools such as tcpdump and Ethereal. These tools may complain about your rude break-off of the binary traffic, but they will otherwise work correctly.
Traffic from and to IP-number 172.17.172.17 is not dumped, to avoid an avalanche of network traffic.
For a live view of WAN traffic from a Linux machine connected to the LAN side of the filter, type:
echo adminpw | nc 172.17.172.17 201 | tcpdump -n -r -
We used the netcat utility, which is a standard tool to initiate a clean TCP/IP connection.
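The same tap can be read from a script that prompts for the password instead of leaving it in shell history. The Python below is an added example, not Fibre's own code: it sends the password and a newline as described above, parses the tcpdump-format stream, and stops quietly at the record cut off when the connection is torn down. It assumes the classic pcap layout with microsecond timestamps; all function names are made up for this example.

```python
import getpass, io, socket, struct

MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic pcap magic, either byte order

def open_tap(password, port, host="172.17.172.17"):
    """Connect to a tap port (200 = LAN side, 201 = WAN side) and log in."""
    sock = socket.create_connection((host, port), timeout=10)
    sock.settimeout(None)              # a quiet link must not abort the read
    sock.sendall(password.encode() + b"\n")
    return sock.makefile("rb")

def read_exact(stream, n):
    """Read n bytes, or fewer if the stream ends first."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def read_packets(stream):
    """Yield (ts_sec, ts_usec, orig_len, data) for every complete record."""
    header = read_exact(stream, 24)
    if len(header) < 24 or header[:4] not in MAGICS:
        raise ValueError("stream does not start with a pcap file header")
    order = MAGICS[header[:4]]
    while True:
        rec = read_exact(stream, 16)
        if len(rec) < 16:
            return                     # clean end, or cut inside a record header
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(order + "4I", rec)
        data = read_exact(stream, incl_len)
        if len(data) < incl_len:
            return                     # connection torn down mid-packet
        yield ts_sec, ts_usec, orig_len, data

def constructed_sample():
    """Constructed capture: two whole records, then a record cut off mid-packet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for n, payload in enumerate([b"\x01" * 60, b"\x02" * 42]):
        out += struct.pack("<4I", 1108033500 + n, 0, len(payload), len(payload)) + payload
    return out + struct.pack("<4I", 1108033502, 0, 100, 100) + b"\x03" * 10

if __name__ == "__main__":
    assert len(list(read_packets(io.BytesIO(constructed_sample())))) == 2
    tap = open_tap(getpass.getpass("Admin password: "), 201)
    for ts_sec, ts_usec, orig_len, data in read_packets(tap):
        print(f"{ts_sec}.{ts_usec:06d}  {orig_len} bytes on wire, {len(data)} captured")
```

The password still crosses the LAN in clear text, exactly as with the netcat command, so run this from a host on a trusted segment.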
Posted on Thu, 10 Feb 2005, 11:05.