I recently became interested in getting a better handle on bandwidth usage on our Internet connection at work. I wanted to see what I can do for free (or at least very cheap) so I started researching solutions using Linux. Before I can try out any software though, I need a computer that can do the monitoring. I decided to build a transparent bridge or “Machine-In-The-Middle”, which is a computer with two network interface cards (NICs) which are bridged together so that any traffic going to one card is passed through to the other. The bridge computer is installed in between two other nodes on the network, and any traffic passed through the bridged NICs can be monitored by the bridge computer. The bridge creates a slight delay, but is otherwise transparent to the nodes it is connected to.
Most of the information I used to guide me in setting this up came from Bridging Ethernet Connections at the Ubuntu community wiki and this page on how to set up a bridge in Debian from microHOWTO. I thought it might be pretty difficult, especially since I’m not a hardcore Linux guy, but I found it to be surprisingly easy. For the rest of this post, I’ll cover what I did to set up my transparent bridge computer.
I dug around the IT closet at work and pulled out a Dell Optiplex with a Pentium D 3.0GHz processor and 1GB RAM. This is fast enough that the resulting delay from the bridge should be minuscule. I also grabbed a couple Intel PRO/100 NICs. These are quality NICs and very compatible with every OS I’ve thrown them at. I could have managed with just one and used the integrated LAN, but I thought it better to have the two NICs be about the same. It also leaves the integrated NIC available if I want to use it for other purposes.
For the operating system, I used Linux Mint 15 xfce 32-bit, since it’s my distro of choice and I already had an installation disc on hand. After installation, I verified my ethernet interfaces, and found my two Intel NICs are eth0 and eth1 and the integrated NIC is eth2. I’ve seen other computers where the integrated NIC is eth0, so it’s important to verify this before proceeding.
With all of that done, I opened the terminal and set to work. First install bridge-utils:
sudo apt-get install bridge-utils
Now create the bridge. I like to use GEdit (though I could stumble through vi if I had to), so I did this:
sudo gedit /etc/network/interfaces
And then append the following to the file and save:
auto br0
iface br0 inet dhcp
    bridge_ports eth0 eth1
    bridge_stp on
Now to bring br0 up:
sudo ifup br0
Then run ifconfig and verify it’s working. It was!
I rebooted the computer to make sure br0 came up automatically, then inserted it between my network switch and a laptop. The laptop was able to browse the web while connected through my transparent bridge. Success!
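An added check, not part of the original post: ifconfig shows that br0 is up, but not which NICs are attached to it. The shell function below reads the kernel's sysfs entries for the bridge to confirm that only eth0 and eth1 are bridge ports and that STP is on. The function name and its optional third argument (an alternate sysfs directory) are made up for this example.

```shell
#!/bin/sh
# Added example: verify a Linux bridge through sysfs.
# check_bridge BRIDGE "PORT1 PORT2" [SYSFS_NET_DIR]
# Prints one line per finding; returns 0 only if everything matches.
check_bridge() {
    br=$1; want_ports=$2; net=${3:-/sys/class/net}
    rc=0

    # A bridge device has a "bridge" subdirectory; a plain NIC does not.
    if [ ! -d "$net/$br/bridge" ]; then
        echo "FAIL: $br is not a bridge device"
        return 1
    fi

    # Every attached port shows up as an entry under brif/.
    for p in $want_ports; do
        if [ -e "$net/$br/brif/$p" ]; then
            echo "ok: $p is a port of $br"
        else
            echo "FAIL: $p is not a port of $br"; rc=1
        fi
    done

    # Flag ports that were not expected (e.g. eth2, the integrated NIC).
    for path in "$net/$br/brif"/*; do
        [ -e "$path" ] || continue
        name=${path##*/}
        case " $want_ports " in
            *" $name "*) ;;
            *) echo "FAIL: unexpected port $name on $br"; rc=1 ;;
        esac
    done

    # stp_state: 0 = off, 1 = kernel STP, 2 = user-space STP.
    stp=$(cat "$net/$br/bridge/stp_state" 2>/dev/null || echo unknown)
    case $stp in
        1|2) echo "ok: STP enabled (stp_state=$stp)" ;;
        *)   echo "FAIL: STP not enabled (stp_state=$stp)"; rc=1 ;;
    esac

    return $rc
}

# Usage on the bridge computer from this post:
#   check_bridge br0 "eth0 eth1"
```

An unexpected port matters here because any NIC added to br0 is another segment whose traffic passes through, and is visible on, the bridge computer.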
Finally, as a test to see if I can actually monitor what’s going on, I installed Driftnet (via Software Manager) and ran it:
sudo driftnet -i br0
Below is a video of me browsing flickr on the laptop, and the images show up in Driftnet on the transparent bridge:
This was a lot easier than I expected it to be, and it serves as a good foundation to set up a machine for troubleshooting and monitoring the network. In a future post, I’ll cover how I went about installing ntop to provide powerful network usage reporting.