Well, it's fine if you don't connect anything else, but if you think of your "device" as whatever your monitor is plus the switch as your device, and port 1 and 8 as the two ports that "pass through" you'll see you've got what you asked for
The extra ports always have blanks in them and would never be used so it seems the 105e would do the job in my case. I'll order one right now.
Thanks very much for all this input. I guess I have to find the correct source for that device now.
Does anyone know what I need for source to build a firmware for the SG105E? It came in today but I cannot find any information on which version of openwrt I need.
just use the factory firmware. I'm not sure if it's supported by OpenWrt, but even if it is, for a switch I'd just use the latest factory.
I bought it for nothing then. I need one that has openwrt running on it because the tools I'm using are in openwrt. Darn, guess I have to return it then.
Connect the NanoPi to the switch. that's the device you're trying to set up right?
Here's how it works... you have network cable A and network cable B... if these were just one cable... things would work... But you want to "see what's going on on the cable"...
So you put cable A into port 1, cable B into port 5... and then the NanoPi into port 2... then you mirror all packets going into or out of port 5 to port 2... Now the NanoPi sees all the packets but the network operates at full speed as if cable A and cable B were just one cable.
That would work but it means needing two devices. I need to find just one low cost gigabit device with at least two ports that can do full speed gigabit and packet sniffing.
Doesn't really exist. The least expensive path is going to be a gigabit managed switch that supports port mirroring like the one you have, + a device that has enough CPU to process a gigabiti of traffic through a "sniffer". That's a multi-core ARM device in the 1.2GHz+ range. So most likely an RPi4 or a NanoPi maybe.
You want the switch because it's dedicated hardware that will make the network go full throttle.
1 Like
Any possible hardware available for under $50 is going to be hard-pressed to monitor gigabit speed traffic.
In particular the various "Pi" style boards aren't built for hardcore networking. The Raspberry Pi 4 comes close because it has a gigabit MAC on the CPU, connected full speed to a PHY chip. But it only has one port. The ones with more than one Ethernet port don't have high speed busses between the NICs and the CPU.
Well, I said the cheapest, I didn't say it has to be $20.00 :).
I just need something two port that will run openwrt or Linux I guess.
Some of the tp-link and gl-inet devices look like they could do the trick.
The gl-inet gl-at750s and gl-mv1000 have gigabit ports.
They won't come close to bridging and packet sniffing a gigabit. You would probably need an x86 maybe like an i5 to do that. Somewhere around $600 maybe. It becomes much easier when you rely on dedicated hardware to do the switching... Then the sniffing device can use cpu only for sniffing.
I understand now. Most of these devices seem to have a gigabit port but the other ports are either some sort of virtual version of that port or USB or something and not physical.
You're saying I need a device that can do full speed port to port via hardware so I can use the CPU power for the actual sniffing.
That's exactly it. Just sniffing a gigabit and doing stuff with the packets will take a lot of CPU. For example when I ran ntopng on my j1900 x86 router it slowed routing down to about 250Mbps.
If you let the switch do it's switching thing, then even if your CPU is unable to keep up with the flood of packets the network users will not be disturbed and the worst case is maybe you have to sample packets in the sniffer or something.
Got it. Means I'm on the hunt for something a little special as it would have to be in the $100.00 range.
A sg105e plus RPi4 2GB with case and power supply would be $120 or so
Yes but as mentioned, I have to find one single device otherwise yes, this could have worked. I have to keep the complexity super low otherwise, I'll have to spend even more time trying to explain how things hook up. One device makes it super easy.
Take a look at the Edgerouter X? probably not really quite enough cpu power, but just about ok, and has the built-in switch chip you need.
Hi, I've spent a lot of time looking and it looks like I need to get into the x86 arena to get those hardware level NICs.
I appreciate all of the input I've received here, thank you very much.