Best Pc For A Network Analyzer

[bwanaaa]

of course the raspberry pi would be great- if i could ever get one. but since since its still in short supply, i am wondering what else would be good. and don't say the interceptor. i already have a network tap. i need something that runs wireshark. the configuration would be:

internet -> network tap -> lan switch-->lan clients and wireless access points

........................|tx....|rx..........|cat5

........................|.......|.............|

........................V......V...........V

...................... network analyzer

then i can vnc into the network analyzer from my iPad as i walk around to all the network clients to evaluate them.

so the network analyzer needs three nics - i guess there is no mini itx with such a built in config so i would need a usb-ethernet adapters (prob 2) an duse the native nic on the miniitx mobo as well.

does anyone have any hardware suggestions? or perhaps a better strategy? somewhere i read about just installing winPCAP on the network analyzer as a service. Then wireshark can run on the remote device-trouble is- i don't have wireshark for the iPad.

[Giygas]

It's not a matter of a best PC, but the right software. WinPcap would help a lot because of the easy promiscuous mode but when it comes to a PC, here's what I've done at some cafes before. This is extremely skiddy though, download Cain and Abel, APR poison (Man in the Middle attack) the devices you want and run a Wireshark scan. Traffic from the APR poisoned devices will be redirected to your PC and it will show the traffic on Wireshark. Wireshark commonly only displays your localhost traffic because the inability to go into promiscuous mode. Cain and Abel will be able to intercept that traffic information and display it. When you have wireshark running, to make it even easier, save the wireshark capture and use Network Miner to graphically symbolize the packet information. It will show the OS from the selected clients, the website and devices they interacted with. The images they've seen online, the sites they visited, etc. You can always download Backtrack linux, the wireless features are great.

Edited June 27, 2012 by Giygas

[bwanaaa]

i am not interested in arp poisoning. rather i have a network tap. i need a low power pc that will log packets and not drop them when the traffic gets heavy. my sense is that i need at least a p4. since i need to troubleshoot a network, my tap is between the wan and the lan switch. so really, my question is what is the lowest power pc that has excellent nics. since linux plays better with intel than broad com i tend to think an intel mini its box is the way to go. it would be nice though if there were an intel usb ethernet adapter-but i can't find one of those .

[dirtymelon]

i am not interested in arp poisoning. rather i have a network tap. i need a low power pc that will log packets and not drop them when the traffic gets heavy. my sense is that i need at least a p4. since i need to troubleshoot a network, my tap is between the wan and the lan switch. so really, my question is what is the lowest power pc that has excellent nics. since linux plays better with intel than broad com i tend to think an intel mini its box is the way to go. it would be nice though if there were an intel usb ethernet adapter-but i can't find one of those .

I run this board MX45GM2 with a Core 2 Duo T6570 as my Firewall/Router run squid, and tcpdump for network analyzing among other services. Never had an issue with it. A P4 while it will do the job is a power hog. If your only intention is analyzing and want to go that route, them I am positive an Intel Atom will suffice. There are several manufacturers that make Atom boards with dual Intel LAN.

[psydT0ne]

I bought another tplink TL-WR703N from ebay for this project:

http://www.minipwner.com/

Same internals as what this guy uses just cheaper.

Cost me $25au free postage.

It's a network tap, wifi access point.

Could this be a substitute/companion for the interceptor?