WRT-SPAN: OpenWRT Switch Port Analyzer (SPAN)
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
daemonlogger
etc
README.md

README.md

WRT-SPAN: OpenWRT Switch Port Analyzer (SPAN)

Project High Life: The champagne of cheap routers

This project provides software and configuration templates for building a network-managed multi-port filtering/aggregating full-frame Ethernet Switch Port Analyzer (SPAN) device using OpenWRT and Daemonlogger.

NOTE: THIS WILL NOT WORK ON THE WRT54G OR SIMILAR PLATFORMS EQUIPPED WITH ONLY A SINGLE PHYSICAL WIRED NETWORK INTERFACE TO THE CPU!!! YOU WILL CREATE SWITCHING LOOPS AND TAKE DOWN YOUR ENTIRE NETWORK ALL AT ONCE. YOU HAVE BEEN WARNED. I WILL NOT BE HELD RESPONSIBLE IF PROJECT HIGH LIFE / WRT-SPAN MELTS YOUR COMPUTER, EATS YOUR BABIES, BURNS YOUR HOUSE DOWN, OR KICKS YOUR PUPPY.

Here's a block diagram of what's going on inside Kenny, my makeshift tap, built on a $40 Linksys WRT150N wireless router:

kenny

Everything on my network is named after a character from South Park, and Kenny seemed like an appropriate name for this little fella because he died many, many horrible deaths along the way to getting this right.

Ethernet and Bridge Configuration

root@kenny:~# dmesg | egrep 'Ethernet|switch'
ssb: Core 1 found: Fast Ethernet (cc 0x806, rev 0x06, vendor 0x4243)
ssb: Core 2 found: Fast Ethernet (cc 0x806, rev 0x06, vendor 0x4243)
eth0: Broadcom 44xx/47xx 10/100BaseT Ethernet 00:1d:7e:43:e1:66
eth1: Broadcom 44xx/47xx 10/100BaseT Ethernet 00:88:88:88:00:2a
roboswitch: Probing device eth0: found a 5325! It's a 5350.



root@kenny:~# ifconfig
br-bridge Link encap:Ethernet  HWaddr 00:1D:7E:43:E1:66
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:75498956 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1537411031 (1.4 GiB)  TX bytes:0 (0.0 B)

eth0      Link encap:Ethernet  HWaddr 00:1D:7E:43:E1:66
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:75525684 errors:0 dropped:0 overruns:0 frame:0
          TX packets:84951464 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3219450758 (2.9 GiB)  TX bytes:3884550799 (3.6 GiB)
          Interrupt:4

eth0.1    Link encap:Ethernet  HWaddr 00:1D:7E:43:E1:66
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:53110718 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22388245 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2504502284 (2.3 GiB)  TX bytes:3943308308 (3.6 GiB)

eth0.2    Link encap:Ethernet  HWaddr 00:1D:7E:43:E1:66
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:22388245 errors:0 dropped:0 overruns:0 frame:0
          TX packets:53110714 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3629872878 (3.3 GiB)  TX bytes:3248052080 (3.0 GiB)

eth0.3    Link encap:Ethernet  HWaddr 00:1D:7E:43:E1:66
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9407187 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:625278740 (596.3 MiB)

eth0.4    Link encap:Ethernet  HWaddr 00:1D:7E:43:E1:66
          inet addr:192.168.2.2  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6794 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8698 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:505751 (493.8 KiB)  TX bytes:2418973 (2.3 MiB)

eth1      Link encap:Ethernet  HWaddr 00:88:88:88:00:2A
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:95697991 errors:0 dropped:0 overruns:0 frame:0
          TX packets:64587510 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1880088266 (1.7 GiB)  TX bytes:3105379375 (2.8 GiB)
          Interrupt:5

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:91 (91.0 B)  TX bytes:91 (91.0 B)



root@kenny:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br-bridgetap    8000.001d7e43e166       no              eth0.1
                                                        eth0.2
                                                        eth0.3
                                                        

Robert Vineyard maintains WRT-SPAN and vinsec.blogspot.com