Future networking issues possibly



Prime_Evil
12-28-2001, 02:02 PM
it is seeming more and more like hubs that broadcast all packets will be outdated. currently all netgear hubs that are 10/100 are in fact Switches. Most likely a cost issue i'm sure. I am using an old 10baseT hub... none of my switches or (so-called) 10/100 hubs will work with showeq.. or any other packet sniffer for that matter. My question is: is there a way to make this work on a MAC level perhaps? hmmmmm just trying to figure out what to do when my fiddy hunnerd year old hub takes a poop. I surely don't want to use my linux box as a router simply to get Seq packets.. anyhow just wondering if anyone else thought about this or am i missing something...

monster69
12-28-2001, 02:18 PM
The way that most low end 10/100 "hubs" operate is the 10Mb side is hubbed to all ports and the 100Mb is hubbed to all ports. 10Mb and 100Mb traffic is then switched between these two planes.

So, if you set all your PCs to the same speed, either 10 or 100, they should be hubbed at that point and work as you would expect.

If your device is actually a true switch (i.e. all ports are switched instead of the 10Mb plane and the 100Mb plane) then hopefully you can set one of your ports to "monitor" another port. In this case, all traffic destined for your EQ PC will be replicated to a second port where you would have your SEQ box plugged in.

fryfrog
12-28-2001, 09:58 PM
actually, from what i have seen your description is both fairly right, and slightly wrong.

a.) 10mbit and 100mbit ARE separated planes, and switching is done between them. so, a 10mbit device can't sniff a 100mbit device. you have this right, dead on for all devices.

b.) some devices will go into switch mode when there is ONLY one speed hooked up. eg: a 10/100mbit hub, with only 100mbit devices hooked up will actually be a switch (this is in the case of both of the linksys hubs i own, both different models separated by a few years of age). i think this is true for nearly ALL linksys hubs, and probably true for many hubs made now.

c.) by adding a 10mbit device that is NOT doing the sniffing, the entire 10/100mbit hub actually becomes a real hub. all 100mbit traffic is broadcast to all 100mbit devices, all 10mbit traffic is directed to all other 10mbit devices.

unfortunately, this is a VERY annoying issue to overcome. here is the way i did it, and a few suggestions for other ways.

1.) my router is a p200mmx with 2x 10mbit 3c509b. it is plugged into one of the hubs. anything that needs to sniff, is hooked to that hub. that hub is then plugged into the other hub, and most computers are hooked to that one. that way, all traffic flows from the unsniffing hub -> sniffing hub -> router -> internet.

2.) just hook some random 10mbit device up to the network. if you want to have a 100mbit network for the speed, just plugging in a 10mbit hub should be sufficient to make it work. if you have a dedicated router, putting a 10mbit hub between the 100mbit hub/switch and the dedicated router should fix it, without affecting local lan speed.

Prime_Evil
01-04-2002, 02:46 PM
You were dead on..
Here is what i learned to add,
The netgear hubs are really switches and they operate as you described.
if they are all 100's it will broadcast the packets. if you have a 10 in there it will only broadcast to the 10's and the 100's to the 100's. I would assume it is slightly different how the different manufacturers operate, I just switched my main switch/router to a 10/100 hub and upgraded my last 2 nics to 100's and it works like a dream.

RavenCT
01-07-2002, 07:03 AM
Worst case, just look on ebay for a cheap 10 Mbit hub.... I got one for about $12 (plus shipping of course)...

Works very well...

KennySP
01-07-2002, 07:17 AM
And slightly better than worst case get a 100MBit hub, 10MBit is too slow =)

KennySP

RavenCT
01-07-2002, 07:36 AM
Must be nice sitting on that OC3 connection then ;)

I don't know many of us at home that might have more than a 1 MBit connection...

Ah well... Welcome to Broadband... who knows what the future will bring....

casey
01-07-2002, 09:05 AM
100 mbit isn't for the outbound computer, it's for the internal network :)

here's a scenario that illustrates it

there are 15 computers on this network
one exports about 25 gigs over various nfs mounts (/home /www to about 7 other boxes, and / and /usr to 1)
2 boxes running showeq over remote X
various lan gaming
etc.

showeq over remote X at a high res can easily suck up 1.5-5 mbit/s all by itself (X is a high bandwidth application). That's reason enough for 100mbit, because you generally are not going to see speeds of 5 mbit on a 10mbit hub.

during big nfs activity i've seen the network throughput hit 150 mbit (full duplex switch :) )

that was at my last apt :) current apt i only have 7 boxes, but seq is still exported to another box (x2, 2 seq's to 2 different boxes for 2 different players), My 100mbit switch keeps things nice and fast.

RavenCT
01-07-2002, 10:27 AM
I only meant that if running SEQ and EQ on one segment on two different machines... I wasn't even talking about running any other X-Windows apps or NFS, etc. etc. etc....

Froglok Forager
01-07-2002, 08:00 PM
If that worries you, do what I do... put two NICs in your linux machine and route all the EQ data thru it. You can make it your internet firewall and such while you're at it.

FF

RavenCT
01-08-2002, 07:59 AM
Um, I'd rather just leave it the way it is... use the slower hub and not put a gateway on the Linux box so it has no way to talk to the outside world... just my paranoid 2cp ;)

fee
01-08-2002, 08:22 AM
FYI any system supporting raw sockets and running applications as root CAN easily talk to the outside world. If it can listen to the wire, it can certainly talk on it too.

Prime_Evil
01-08-2002, 11:32 AM
I have 7 PCs and one sun on my network.

I have standard IDSL (in the boonies) 164kb Laugh it's ok. i do.
and this is what i run on it.

3 Linux/windows gaming systems
3 windows systems
1 sun.

and i must say, 100 ALL THE WAY baby.
10 hubs are just too slow now, it's like, remember when you had your first 28.8 modem, no way in hell were you going back to a 2600.

RavenCT
01-08-2002, 12:14 PM
It is true that if a system can "listen" to the wire that it certainly can talk on the wire... but as far as TCP/IP is concerned, if there is no gateway defined, then there is no place other than the local LAN for the packets to go. Now, unless Verant devises some way for EQ to send a packet that SEQ sends some sort of response to (ie, packet x causes SEQ to send either packet y or packet x+y, or scan a specific "active" port) and the Everquest client can "detect" that and notify on it, then it is impossible for the SEQ box to actually be detected...

That was more my point... Not if 10/100/1000 mbit is faster etc...

Personally, the first modem I ever dealt with was an acoustic coupler running at 110 baud... so I know about slow :)

Anyway, that's the last I'm going to bother anyone on this subject.. ( I know, I know, let it die already :) )

KennySP
01-09-2002, 11:16 AM
You could always cut the transmit wire if you are *THAT* worried about it.

KennySP

Loper
01-09-2002, 01:09 PM
As mentioned above, switches in any network larger than 2 machines are VASTLY superior to hubs... that's a fact.

Here's the thing: If you're running SEQ, then you clearly have a Unix machine of some sort, most likely it's a Red Hat Linux box. That being said, you could *easily* defeat any limitations placed on you by the non-broadcast properties of a switch (which are good, I promise!) by simply using your Unix machine as a gateway/router/nat server for your windows (EQ) client.

On my network, small as it is, I have my Server (FreeBSD if you're curious) connecting to the internet via DSL using a (pos) Alcatel SpeedTouch modem. From there, it does NAT and serves internet (and files, etc) to the rest of my home network of 4 Windows boxes and 1 Sun. SEQ runs on the server itself and has no problems whatsoever sniffing packets on its own network interfaces and also voids the need to transmit either X traffic or other unnecessary broadcast traffic across my local network..

It's very easy to set up. If you can get EQ working, you can get this working, I promise.

Prime_Evil
01-09-2002, 01:52 PM
Very true.
However In my personal case, My server is not doing any Nat.
I run my Showeq able box on the backside of my network for no particular reason other than, it would be more work for me to use the server as a nat. but your statement is Very true..
Switches Are better because they do not waste bandwidth broadcasting duplicate info to the other machines. and using a linux/unix box to do your ip forwarding through it will avoid the problems with switches.

however How much load does showeq cause on a system that is nating more than 5 puters?
I'm sure it would work fine.
I have not tried to run showeq AND nat on the same server because my current server is Small and weak but awesome for being a IP forwarding firewall type piece of plastic and metal =-)

Loper
01-09-2002, 03:23 PM
My server is also very small; the smallest in my network by a good margin (P-200 with 64M Memory). NAT itself takes up nearly no processor cycles, even under relatively heavy load, at least on FreeBSD (which handles NAT much differently than Linux, so my results may not match yours). X is the killer of my machine, although, once loaded and applications started, runs smoothly enough. My system normally hangs out at somewhere around 80% processor utilization, no matter how many or few machines are currently active (according to "top", ppp, which handles both my dialing and my NAT, and pppoa2, the utility that drives my USB modem, both use about 2% processor together with nearly no fluctuation).

By no means do I mean to say "No matter what you have going on, make your server NAT!". Rather, I was suggesting that if you have a small- to mid-sized home network that passes a lot of *local* traffic (Inet traffic is so slow that a hub works fine) that it may be in your best interest to go with a switch and have your unix machine NAT.

Another possibility, if you have more than one public IP address, is to have your server only NAT for the windows client(s) that are running EQ and being monitored by SEQ while the other machines access the Internet normally through their real IPs. This can be a little more difficult since the Windows EQ client will then be effectively disconnected from the other machines and therefore has some undesirable routing issues, but is by no means undoable, just a little beyond "easy", at least in my opinion.

Hope some of this helps someone somewhere. ;)

Yueh
01-09-2002, 05:17 PM
If your house is wired right in the first place :) , your nat device is going to most likely be in a wiring closet like mine. Definitely reduces SEQ's usefulness if it is halfway across the house in a closed room :)

ChainPuller
01-14-2002, 04:13 PM
If you want to be really paranoid.....

SEQ is a sniffer. Any machine that sees upstream packets can derive gateway info from packet headers. SEQ runs as root. Root controls network. Therefore, regardless of what hoops you jump through on the linux box to cripple it, it could still send to the internet if a particularly L33T piece of hackware were accidentally incorporated into any of the software running on the linux box. The previous post suggesting cutting the send wire might be the only protection possible.

This is Not particularly likely in the Real World.

OK paranoids sleep well tonight.

Ataal
01-28-2002, 04:02 PM
Wow, this has become quite a discussion, seems it strayed a bit from the original question/comment.

True, all retail combo 10/100 routers are switches. However, for an extra $40 or so, you can just add a 10/100 hub.

Typical setup is having a patch cable running from the uplink port on the hub to any free port on the router/switch.

casey
01-29-2002, 12:19 AM
If your house is wired right in the first place , your nat device is going to most likely be in a wiring closet like mine. Definitely reduces SEQ's usefulness if it is halfway across the house in a closed room

the location of the box showeq runs on doesn't hamper showeq's usefulness at all. just export DISPLAY and run showeq on that box, but use it anywhere. X's client/server model is a good thing :)

Yueh
01-29-2002, 08:53 AM
But that would require an Xserver in the vicinity of the EQ machine, if it is Linux why not just run SEQ there, if it isn't then it could possibly be *shudder* Exceed or something like it and we REALLY don't want to go there :)

The thread hijacking is complete!

casey
01-29-2002, 02:06 PM
personally, i run show on my gateway box (x2) and export each instance to a different linux box near the eq box that the instance is sniffing. Reason for that is i run a switched network, and only the gateway can see the packet. X and NFS work so much better over a switched segment :)

and you may want to check out xwin32 if you ever need a windows xserver. much more lightweight than eXceed (although it's been a long time since i used eXceed), and has a decent feature set.

Prime_Evil
01-31-2002, 02:38 PM
Casey, How much is xwin32.. i have seen it but it appears to be around 150 dollars? that sound right ? or is there an older free version..

KSti
02-09-2002, 04:57 PM
I'm using a linksys 10/100 hub with only 3 100mb devices plugged into it. Didn't have to add a 10mb device to the hub to make the 100mbit plane a hub instead of a switch, as some had suggested. It is plugged into a linksys befsr41 cable router, and it also autosenses 100/hd on that port. My biggest problem setting up SEQ was with NIC speed on the new linux box. Had to use mii-tool in linux to get my nic to set the right speed, as that driver is the suck for autosensing.

Model name is Etherfast 10/100 5 port autosensing work group hub. Has the ports and indicator lights on front, power plug on back. It is deep grey unlike the newer blue/black boxes that comprise the rest of my network.

Hope this helps if you're looking for one.

fryfrog
02-09-2002, 10:20 PM
you sure your cable router is a 10/100 port? since the cable modem is only 10, and the cable modem side of the router is only 10 as well it wouldn't make much sense for the lan side to be 100mbit. there is just 10mbit for it to use and it isn't like it would be running any file services or anything. i suspect that your lan side of the router is running at only 10mbit :)

i have the same hub you are talking about. lights on the front, plugs on the front. kind of a light gray color. got power at the back. i have tested the 10mbit or only 100mbit and a lot of other ways on that particular hub. i am fairly sure (about 98%) that the way i have described it in the past is the way it is.

KSti
02-10-2002, 03:37 PM
Ya, looking at the indicator lights on both the hub and the cable router, as well as the computers. All show 100mb/sec, the 10mb plane isn't being used.

Weird!

cbreaker
03-11-2002, 11:42 PM
Few comments on some of the above thread.

- If you are on a switch, and can't do anything about that, remote X Clients work very very well, as someone mentioned. If the linux machine is in another room, no problem at all. There's a myriad of free or "trial use forever" X servers out there for windows. And of course you could use a XFree on a Linux box; whichever is closer to you when you play EQ.

- 100Mbit hubs are plentiful. (and cheap) Get a cheapy one on-line, like a D-Link hub or something. I have a cheapy "TREND Net" 100Mbit hub that works great. If you want to be extra careful (and you have no 10Mbit devices connected to the hub) you can get a "Dual Speed" hub, and avoid the "Dual Speed Switching Hub". The plain dual speed hubs are kind of a joke; there's no switch in between the 10 and 100Mbit ports. They can't talk to each other. However, they are cheaper and almost guaranteed not to switch =)

With any network with less than 20 workstations the real-world performance gains from switching are negligible. That is unless you're doing long network operations constantly; I've yet to see a single person (or even 20 people on workstations) saturate a 100Mbit network under normal conditions. Or even 100 people. Most companies use a single T1 for an office of 500 or more people, and you still achieve decent download speeds from websites. And that's only 1.5Mbit!

- If you're already doing NAT/Routing with an existing device or machine not capable of running ShowEQ, putting a linux box on your network and sending your traffic through that (and then through your existing solution if you require) wouldn't be a very large task. If you really want to run ShowEQ, and you can get it installed, I'm sure you could do this too. You could then output the X display to an alternate X server if the machine isn't good enough to display the graphics itself.

Anyhow, that's my 2.

-CB

SagoS
03-23-2002, 09:05 PM
Gigabit all the way!

Well, if it made any difference anyway, stuck on good ol 56k now since we moved and now im just watching the bandwidth kick ass with my 200+ LD's in the past month.

Someone loan me like 3000 bux a month so I can get some type of OC or Tier line =P

Adept
03-25-2002, 04:15 PM
If you have something other than a dumb switch you can also "mirror" ports to replicate all traffic seen on a particular switch port to another particular switch port -- thus turning those 2 ports into a mini-shared hub within your switch.

There's no way in hell I could ever run SEQ on my actual gateway even with the display exported -- my gateway is a P120 laptop with 48M of ram. Perfect for a firewall, not so perfect for decoding a key in under an hour. ;-)

cbreaker
03-26-2002, 08:42 AM
Of course, there's usually a pretty large leap from a dumb switch to a smart one.

A low end cisco 'smart' switch is the 2900 series, with 24 10/100mbit ports, all switched. That one is able to copy the packets from all others to a single port for monitoring, however the switch starts at about $800. Maybe $400 - $500 on eBay.

There's tons of ways to get a linux packet sniffable machine on your network, and most of them are real simple and cheap. I mean, if you can't do it one of the ways that you have to set it up, well, you're out of luck. Even the makers of ShowEQ can't move mountains =)

SagoS
03-26-2002, 12:56 PM
Worst case for having a showeq system set up would most likely be direct internet through the seq system, with your eq comp connected with crossover cable. But hell, if it works, it's better than nothing i guess.

vmlinuz
04-12-2002, 07:40 AM
I love the way showeq inspires so many to learn a few simple things about computer networking. Reading this thread was very entertaining. I thought a few basics should be mentioned since they have not already and someone reading this thread might be confused.

A hub is a multiport repeater, it doesn't do any processing, it just takes frames (lower layer encapsulation, lower than the packets we always talk about) from one port and feeds them to all the other ports. Hubs share bandwidth, which means everyone on that segment has to wait for everyone else to be quiet before they send to anyone. Hubs are cheaper, they are older technology that still works fine, and in some cases will save you some configuration if you're setting up showeq.

A switch is a multiport bridge, it DOES make logical decisions about where to send and not send frames based on hardware addresses, the MACs connected to its various ports. Switches provide full bandwidth to all ports, so you and your friend can talk even if those two over there are also talking.

A router is a layer 3 device that makes forwarding decisions based on routing tables it maintains. Some people on this thread misspoke when they called something a router, most i believe were speaking of switches.

Now, if you are trapped inside your house with a hub/switch that isn't conveniently sending packets bound for your everquest client to your seq machine, set up your linux box as a gateway. If you are able to get showeq compiled and running, you should be resourceful enough to learn about setting it up. You probably don't have to worry about any of the NAT/Masq/Firewall/Proxy/etc.

Don't forget to configure your windows machine to go to your new gateway box.

I haven't learned much about these hubs that have 10 and 100 modes, but it seems silly to me, why reinvent the hub once it is obsolete? Switches are practically the same price now.

Be resourceful, it is gratifying.
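
Added illustration, not part of vmlinuz's post or of any other post in this thread: a small Python model of the hub and switch behaviour described above, plus the port mirroring mentioned elsewhere in the thread. The port numbers, MAC addresses and four-frame exchange are constructed for the example.

```python
# Added example: which ports receive a frame on a hub, a learning switch,
# and a switch with a mirror (monitor) port. All addresses are constructed.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Multiport repeater: a frame is repeated out of every other port."""

    def __init__(self, ports):
        self.ports = set(ports)

    def forward(self, in_port, src, dst):
        return self.ports - {in_port}


class Switch:
    """Multiport bridge: learns source MAC -> port, forwards by destination MAC."""

    def __init__(self, ports, mirror=None):
        self.ports = set(ports)
        self.mac_table = {}            # learned MAC address -> port
        self.mirror = mirror or {}     # monitored port -> monitor port

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port              # learn where the sender lives
        out = self.mac_table.get(dst)
        if dst == BROADCAST or out is None:
            egress = self.ports - {in_port}        # unknown destination: flood
        elif out == in_port:
            egress = set()                         # destination is on the ingress port
        else:
            egress = {out}                         # known destination: one port only
        for monitored, monitor in self.mirror.items():
            # Copy anything entering or leaving a monitored port to its monitor port.
            if (monitored == in_port or monitored in egress) and monitor != in_port:
                egress = egress | {monitor}
        return egress


def frames_seen(device, traffic, sniffer_port):
    """Count how many frames in `traffic` are delivered to `sniffer_port`."""
    return sum(sniffer_port in device.forward(*frame) for frame in traffic)


# Constructed layout: game PC on port 1, gateway on port 2, sniffer on port 3.
PC, GW = "02:00:00:00:00:10", "02:00:00:00:00:01"
TRAFFIC = [  # (ingress port, source MAC, destination MAC)
    (1, PC, GW),   # first frame: the switch has not learned GW yet, so it floods
    (2, GW, PC),
    (1, PC, GW),
    (2, GW, PC),
]

if __name__ == "__main__":
    ports = [1, 2, 3]
    print("hub:            ", frames_seen(Hub(ports), TRAFFIC, 3))
    print("switch:         ", frames_seen(Switch(ports), TRAFFIC, 3))
    print("switch + mirror:", frames_seen(Switch(ports, mirror={1: 3}), TRAFFIC, 3))
```

The one frame the plain switch delivers to port 3 is the initial flood before the gateway's address has been learned, which is why a sniffer on a switch sees a trickle of traffic but not the stream.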

Baldars
04-12-2002, 09:51 AM
I looked all over the net at various programs but nothing seems to do what I'm looking for....

I'm using a switch with all connections using static public IP addresses. I would like to have the EQ box mirror the incoming EQ game packets to the SEQ box.

Anyone know of such a program? I don't want to use the linux box as a NAT/router because it won't be running all the time.

Thanks!

g0hst
04-12-2002, 12:22 PM
arp table poisoning....

if you send out an arp packet saying the mac of the linux box owns the ip of the eq box then the switch will send the traffic to both boxes. I imagine you could do something vice versa as well.

cbreaker
04-13-2002, 02:34 PM
vmlinuz, all the things you mentioned have already been mentioned in previous replies to this thread.

We've already discussed:

- Switches, why they don't work (usually, if they are consumer switches)
- Hubs (why they do work, and how cheap a solution it would be)
- Router (using the linux box running SEQ as the gateway, or another hop to the internet)

If you have a switch, are on a home network, and can afford $20 for a cheap hub, do this. It's EASY and won't hurt the bandwidth (that you're not even using to full potential) because the only two machines that need be plugged into the hub are your workstation and the linux machine running SEQ.

If you can't do that, use the linux machine as your gateway to the internet. Use it as a router. Run SEQ on this machine.

I've seen what arp table poisoning can do, and the results are mixed. Depending on the switch, it may or may not work. Many switches will simply start sending packets to the different ports at "random", others will turn off both ports or one, sometimes the operating system will detect a conflict, etc.

I have seen no program you can install on a windows-based machine that will mirror all network traffic to an external node. Maybe there is one, I dunno.

Most of this is a repeat of previous posts.

-cb

----
"I'll send that to the Department of Redundancy Department right away"
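
Added example, not part of any post in this thread: the address conflict mentioned above shows up on the wire as an IP address being claimed by a second hardware address, and that can be checked from ARP traffic alone. The Python below parses raw ARP bodies and reports such changes; the function names, MAC addresses and 192.0.2.x addresses are constructed for illustration.

```python
# Added example: flag an IPv4 address that is claimed by a second MAC address.
# Sample packets are constructed; 192.0.2.0/24 is a documentation range.
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"          # RFC 826 body for Ethernet/IPv4
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes


def _mac(text):
    return bytes.fromhex(text.replace(":", ""))


def build_arp(oper, sha, spa, tha, tpa):
    """Pack an ARP body; used here only to construct the sample input."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, _mac(sha),
                       socket.inet_aton(spa), _mac(tha), socket.inet_aton(tpa))


def parse_arp(body):
    """Return (sender MAC, sender IP) from a raw ARP body."""
    if len(body) < ARP_LEN:
        raise ValueError("truncated ARP body")
    htype, ptype, hlen, plen, _oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, body[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return ":".join(f"{b:02x}" for b in sha), socket.inet_ntoa(spa)


def find_conflicts(bodies, known=None):
    """Return (ip, expected MAC, claimed MAC) for each conflicting claim."""
    bindings = dict(known or {})      # optional static IP -> MAC entries
    conflicts = []
    for body in bodies:
        mac, ip = parse_arp(body)
        if ip == "0.0.0.0":
            continue                  # ARP probe (RFC 5227): sender claims nothing
        expected = bindings.setdefault(ip, mac)
        if expected != mac:
            # Keep the first binding so a flapping address keeps being reported.
            conflicts.append((ip, expected, mac))
    return conflicts


PC_MAC, GW_MAC, OTHER_MAC = "02:00:00:00:00:10", "02:00:00:00:00:01", "02:00:00:00:00:20"
ZERO = "00:00:00:00:00:00"
SAMPLE = [
    build_arp(1, PC_MAC, "0.0.0.0", ZERO, "192.0.2.10"),         # probe, ignored
    build_arp(2, PC_MAC, "192.0.2.10", GW_MAC, "192.0.2.1"),     # PC announces itself
    build_arp(2, GW_MAC, "192.0.2.1", PC_MAC, "192.0.2.10"),     # gateway replies
    build_arp(2, OTHER_MAC, "192.0.2.10", GW_MAC, "192.0.2.1"),  # second MAC claims the PC's IP
    build_arp(2, PC_MAC, "192.0.2.10", GW_MAC, "192.0.2.1"),     # original owner again
]

if __name__ == "__main__":
    for ip, expected, claimed in find_conflicts(SAMPLE):
        print(f"conflict: {ip} is bound to {expected} but was claimed by {claimed}")
```

Passing known bindings for the gateway and the game PC as `known` makes the check independent of which claim happens to arrive first.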

a_splitpaw_gnol
04-27-2002, 01:03 PM
Actually if you cut transmit, it will cancel the circuit, so the connection will fail :(

myleftfoot
05-08-2002, 02:42 PM
A thread I can actually get into...

So one day I got bored. I dug through my old networking hardware (I've been a UNIX admin for about seven years, so I have plenty) and found a few ISA and PCI network interface cards.

I also dug up an old pentium-133 machine. Somewhere along the line it had inherited a SCSI card and 3 GB SCSI hard drive.

I figured I needed a new hub, and was strapped for cash but long on time.

So I set up my Linux box as a transparent network-address-translating repeater/bridge (can function either way). Give it a shot sometime, it's pretty darn fun. I've since reconfigured the box as a regular two-IP firewall, since linux as a bridge wasn't always happy with out-of-the-box tools like Bastille, but now that I think about it, that could be a lot of fun to do again...

cbreaker
05-08-2002, 05:17 PM
Man, I love Linux. =)

What CAN'T you do with it?