On Fri, 6 Sep 1996, Russ wrote:
> Howdy folks,
> I'm going to take the plunge into Unix by way of building a monitoring
> system that would be dedicated to the task of reporting the actions of
> the other machines on my very small network. Given my limited Unix
> background, I figured the best way to approach this would be to ask
> y'all what this box should be.
> I've got a 486DX-100 sitting here with 8MB of RAM and an el cheapo PCI
> NE2000 clone NIC. I've got 1GB of drive and an ATI VGA Wonder VGA
> adapter. A floppy, a Future Domain TMC3260 PCI SCSI-2 adapter, and a NEC
> 3x SCSI CD round out the box.
> - what OS should I use (downloadable from the net would be preferred)
Linux or FreeBSD. I prefer Linux, as it has, IMO, better SNMP and
general network monitoring tools, plus lots of firewall toys. Either
will suit your purposes equally well.
> - will the OS support the hardware I described or do I need
> more/different/better hardware
I would consider upgrading the Ethernet cards to real cards: SMC, 3com,
etc. Other than that, this should do.
> - what packet monitor tool would be recommended, I would like something
> that I can set filters on and run several filters at once into different
> captures if possible
> - could somebody lend me a bookmark file of Unix tools links for the
> recommended OS
If you are just talking about packet sniffing (no SNMP, etc.), then
tcpdump with some perl on top is about the only way to go. A group in
Australia is working on some more specialized packet sniffing tools;
netman or something like that. The URL escapes me.
> - configuration recommendations would be appreciated
Read the man pages, write a perl script to collate the output of tcpdump,
and read the result when you have time. As far as the box goes, install
the OS, become root, and run tcpdump. There's not that much to it.
> I've got similar functionality in my NT boxes, so it's not that I can't
> do this in NT. I want to put a dedicated box in place for this now so I
> figured I'd give Unix a try at this before I put NT on it. If it works
> well, I'll just leave it there, maybe allowing me to give you more
> detailed dumps of NT activity that you can actually grep...;-]
Now we get to the heart of the matter! See if you can reverse engineer
Quake's network behaviour while you're at it. 8^)
Good luck; mail if problems.
Todd Graham Lewis Linux! Core Engineering
Mindspring Enterprises tlewis @
com (800) 719 4664, x2804
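
An added example, not part of the original e-mail: one way to collate tcpdump output as the reply suggests, written in Python rather than the Perl it mentions. It assumes the text format printed by a current `tcpdump -n -tt`; the sample lines and function names are constructed for illustration.

```python
import re
import sys
from collections import Counter

# Constructed sample of `tcpdump -n -tt` text output (not a real capture).
SAMPLE = """\
841990000.100000 IP 192.168.1.10.1025 > 192.168.1.1.53: 4660+ A? example.com. (29)
841990000.200000 IP 192.168.1.10.1026 > 192.168.1.20.80: Flags [S], seq 1, win 8192, length 0
841990000.300000 IP 192.168.1.10.1026 > 192.168.1.20.80: Flags [.], ack 1, win 8192, length 0
841990000.400000 IP 192.168.1.30 > 192.168.1.1: ICMP echo request, id 1, seq 1, length 64
841990000.500000 ARP, Request who-has 192.168.1.1 tell 192.168.1.30, length 28
841990000.600000 IP6 fe80::1.546 > ff02::1:2.547: dhcp6 solicit
"""

# timestamp, address family, "src > dst:", then the protocol-specific remainder
LINE_RE = re.compile(r"^\d+\.\d+ (?P<fam>IP6?) (?P<src>\S+) > (?P<dst>\S+): ")

def split_endpoint(fam, endpoint):
    """Split tcpdump's addr.port form; ICMP and similar carry no port."""
    if fam == "IP":
        parts = endpoint.split(".")
        if len(parts) == 5:                      # four octets plus a port
            return ".".join(parts[:4]), parts[4]
        return endpoint, None
    # IP6: plain addresses contain no dots, so the last dot precedes the port
    addr, dot, port = endpoint.rpartition(".")
    return (addr, port) if dot else (endpoint, None)

def parse_line(line):
    """Return (src, dst, dst_port) for an IP/IP6 line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src, _ = split_endpoint(m["fam"], m["src"])
    dst, dport = split_endpoint(m["fam"], m["dst"])
    return src, dst, dport

def collate(lines):
    """Count packets per (src, dst, dst_port); also count unparsed lines."""
    flows, skipped = Counter(), 0
    for line in filter(str.strip, lines):
        key = parse_line(line)
        if key is None:
            skipped += 1                         # e.g. ARP; report, don't hide
        else:
            flows[key] += 1
    return flows, skipped

def report(flows, top=10):
    return [f"{n:6d}  {s} -> {d}:{p or '-'}" for (s, d, p), n in flows.most_common(top)]

if __name__ == "__main__":
    flows, skipped = collate(SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin)
    print("\n".join(report(flows) + [f"{skipped} line(s) not parsed"]))
```

Piping saved tcpdump text into the script replaces the built-in sample; the count of unparsed lines shows how much traffic the summary does not cover.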