I've done some searches, re-read the FAQ, haven't been able to find any info that helps me. If I've missed something, please point me to the right thread.

I have a setup with 3 boxes (2 eq boxes, 1 seq box). Basically, I want to tell the seq box to display info about only one specific eq session. Right now it alternates between the two eq sessions it sees, with varying behavior. Sometimes it will simply use the most recent eq session it sees (whoever zoned last, for instance). Sometimes, it has constantly jumped back and forth between the two characters (i.e. the seq map updates every half second or so with alternating points of view). One time, it actually used the GPS of one character, but listed the levels of spawns in relation to the other character. In any case, I would like for it to use one session and ignore the other session. I've tried to filter by IP address and MAC address in the Network menu, but seq just sits there, never receiving any packets with those criteria.

The problem might lie in my network configuration, but I'll need some direction if I want to solve it. EQ1 and EQ2 are the nics for the windows boxes, eth0 is the sniffing nic on the linux box, and eth1 is the internet nic on the linux box. Hub and router should be self explanatory, and ISP is the connection from my cable modem.

ISP -> hub
router -> hub
eth0 -> hub
EQ1 -> router
EQ2 -> router
eth1 -> router

It should be pointed out that eth0 is not assigned an IP address by DHCP, and every time I want to run showeq, I run an "ifconfig eth0 -promisc up" to put the sniffing nic in promiscuous mode. EQ1, EQ2, and eth1 all have IP's in the 192.168.1.x range. When I enter the local IP or MAC of the box with the session I want to sniff, seq doesn't seem to see it.

Any ideas?

Does Session Tracking not work for you? There's a little checkbox that I always hit when I want it to stay on the session it has which works for me.

As a further description,

Start SEQ.
Start EQ on the machine you want SEQ to monitor. Make sure it's working correctly, then under one of the drop down menus (dont remember which) there is a session tracking option. Turn it on.
Start the second EQ box.

Everything should work alot better. Session tracking is like a set of blinders for SEQ.

Seems to be like you are getting pretty good behavior for what could be a real networking mess.

you have the ISP device coming in and pointing to a hub then the hub connects to one interface on your linux machine and another connectin to a router. Is this diagram accurate?

ISP
|
Hub
/ \
ETH0 Router
/ | \
ETH1 EQ1 EQ2

My first guess is your router is preforming NAT or something similar (PAT, NAT overload etc). The next thought is that the router is a switch and not a Hub hense the need for the hub in this configuration. This would explain why SEQ never sees data when you filter by MAC address or IP address for your EQ machines.

Still making guesses here. Guessing your ISP provides you with 1 ip address for your home/location. Your router gets assigned that address, which would explain why your SEQ session is confused. This is because it is seeing data that is directed to BOTH EQ machines because as far as the server goes and your ETH0 are concered everythign else either originates from or is going to the router and only knows the router as having it's IP Address and it's unique MAC Address.

It appears to me you are getting the data exactly as your network is configured to allow your SEQ box to get it.

To resolve this issue easily (if session tracking fails) you would need to configure your network into this topology.

ISP
|
Router
|
Hub
/ | \
/ | \
SEQ EQ1 EQ2

To try and shorten the explination (little late, huh)
Eth0 sees your entire network as having 1 IP address and 1 MAC adress even through there are multiple machines. This is the design of PAT (NAT overload).
Eth1 does not see any EQ packets because your router is a Switch not a Hub.
This would explain the behavior you are experiencing.

Again I guessed at some of the stuff, so if you have other information, like say your router really is hub and not a switch with a false label that says hub... that information would be good to know and would point us possible down a different path.

~ TK

Wow, Tor, I think you've hit the nail on the head. I'll try to sum up to verify I understand the problem. The first diagram is completely accurate: the cable modem effectively "broadcasts" its connection to the Netgear hub, which is simultaneously picked up by the Linksys switch (I incorrectly called it "router" before, since both hubs AND switches route packets) and eth0. The switch takes that connection and obtains an IP address and NATs for EQ1, EQ2, and eth1. When packets are sent back out, they go back out the switch, and are broadcast across the hub out of "NAT land", hence the only IP that eth0 sees is the one being provided by the ISP, not the local DHCP of the switch, and the only MAC it sees is that of the switch itself. ShowEQ behavior at this point is unpredictable since it's unknowingly trying to interpret data from two simultaneous, but otherwise indistinct EQ sessions.

So you're suggesting I ditch eth0 completely (maybe remove the hardware for a spare nic), and plug everything into the hub, which is plugged into the switch. That's certainly do-able. I think my only concern is packet collision on the hub, but it doesn't seem like many people are complaining about poor network performance (at least not while playing EQ).

Let's see, a 10Mbit hub can push up to 5Mbit divided by the number of hosts attached that are trying to communicate at once... Most people have less than 3Mbit for their Net link, so you will saturate your cable link before you saturate that poor little hub...

If you are truly worried about performance, then do the following:

Cable Modem -> Router -> Hub (with SEQ box) -> Switch -> All other systems

Reduces collisions to nearer to zero....

And FYI If a Switch is getting an IP Address, then it is a Router (unless you are talking about higher end networking gear like from Cisco).

Sounds like you understand it perfectly DumdumDaTroll (DDT). Your router device is a combonation device that is both a router and switch so you named it correctly.
Crynoics solution might require an extra purchase on your part but would increase your internal network peformance and still provide the ability to monitor either EQ machine based on IP or MAC address. Session tracking may be able to resolve the issue with your current configuration.

If session tracking doesn't work (search on it, have been a few good discussion on how to get it going) then either of the networking topologies changes (myself or Cryonics) suggested should resolve the issue also.

Let us know if none of those fixes seems to resolve it please, then we will have to look at other stuff.

~ TK

Good catch Tor, I almost diagramed his network, but then decided since I was at work, I should spend minimal time on the subject. Goes to show you what the bare minimum gets you.

Just thought I'd post a followup and say that simply clicking "Session Tracking" in the Network menu for the machine that I log in first locks Showeq on the character I want. This is with my *original* network config, so in fact I didn't have to change a thing. I'm happy with this, and thank you all bunches for your help. Hopefully my experience will help someone else along the way.

You can get a similar effect, where you don't have to use session tracking AND you still get the full speed of your switch... assuming your router and switch aren't built in i guess...



Internet
|
Linux Firewall
|
Real Hub
/ \
SEQ Real Switch
/ | \
EQ1 EQ2 EQ3


This is how my network is laid out. The "SEQ" system actually also has a nic stick on the switch and the nic on the hub doesn't do any traffic, just goes into promisc mode. This lets my whole network operate at switched traffic speeds, but also lets me sniff ANY outbound traffic. It also has the benefit of allowing me to sniff by MAC or IP (not just SEQ). Since all of the traffic leaving the switch to the hub is internet bound, the performance doesn't matter. My linux firewall only has 10mbit cards, and my DSL doesn't even come CLOSE to needing 10mbit.

Is your firewall box NATting so you still only have one IP from your provider?

If so that's an unusuall arangement; you for the most part have two switches for 4 devices.