PDA

View Full Version : Showeq not working :-(



preserver
01-25-2002, 07:49 PM
I have followed the recently published guide how to install showeq under red hat 7.2. The program compiled and runs without any error messages but its not able to get any data from the computer I am playing eq on. To make sure that the red hat box could sniff my main machine i logged out of everquest and ran the tcpdump. I was able to sniff the other machine fine. I tried doing a straight tcpdump while playing eq and it cant sniff the packets. I do have both machines on the same hub and as i said if I am not in eq i can sniff packets fine. Any suggestions? Thanks

fryfrog
01-25-2002, 10:23 PM
you need to make 100% sure that it really IS a hub. just because you can sniff traffic that seems to come from the windows box doesn't really mean you can. this is because of broadcast traffic.

some network traffic is called "broadcast" and it goes to EVERY machine no matter what (a good example of this is a dhcp request by a computer using dhcp to get an ip). when you tcpdump -i eth0 | grep <ip of winmachine> and see traffic, you need to make SURE that it is not just broadcast traffic.

if you run tcpdump -i eth0 | grep <ip of winmachine> while playing everquest, and you do NOT see any everquest traffic... you have what is known as a "hub-switch". it is a hub only in a few specific situations, and most frequently behaves as a hub.

Ataal
01-28-2002, 10:43 AM
I just wanted to follow up with what fry just posted to explain the differences as to why a hub will work and a switch won't

Hub-A hub consists of a repeater and a crossover connector (which is why you use a patch cable and not a crossover cable on a hub unless going between two hubs and there are exceptions to this too). Hubs were designed for the star topology, meaning the hub is the central point of the nodes (printers, workstations, servers). Hubs are quite dumb, they do not interact with any data...so a broadcast can be heard by all nodes on the hub. In a broadcast, EVERY NIC hears the broadcast and decides whether or not it will reply to it based on what the message is. Fry offered the example of a DHCP request for an IP address.

Switch-A switch is the same as a hub, except it does pass on broadcasts. Once the node broadcasts and hits the switch(which is it's first hop point figuratively speaking) the switch opens communication between the sender and receiver ONLY. Much like the old switch operator.

So, if you have the win machine and the linux box on a switch, the switch won't pass on the broadcast to the linux box from the win machine, meaning the linux box cannot "sniff" it.

Basically my setup is ISP--->DSL modem----->Router/switch---->dumb hub---->win machine and linux box

This gives me 3 ports on the switch(one being taken from my hub) for my laptop and friend's puters if they bring it over and 4 ports on the hub for EQ/Linux machines.

I'm just learning Linux right now, my background is more on the technician/networking side. Have A+ and MCSE NT 4 certs. Would love to add Linux to my collection one of these days )