HI All,
What I'm trying to do is to have a pocket capture / traffic watcher application for network management, service usage measurements on our LAN. I'll want to know how many http, radius, ssl, smtp traffic is going on our network between my own hosts. All the equipment are connected to a catalyst 2950.
Switched networks does not allow me to watch/capture traffic on all interfaces I'll need to use some type of solution that allows me to mirror all traffic to a specific port on the switch, so I'd attach a linux box on that port and will be able to see all traffic travelling to all our routers and servers - as if they all were connected to a HUB.
I have heared about someone was counting traffic using the linux kernel ip_accounting fascility this way, but I'm not sure how to set up the switch ports for this solution.
Anyone has experience with solutions like the above?
TIA, Alex