network gurus, need some advice


Major_Tom
04-30-2004, 08:52 PM
Alright, I use my Linux machine as an extra desktop and as a samba server to store files on.

I go to university, and both machines are plugged into a Bay Networks 100mb switch, which is plugged into the wall through the uplink port.

I was under the impression that the school could not sniff anything besides the fact that there was a password protected samba server. It has recently come to my attention that I am wrong, and if I am streaming a file between the samba server and my windows machine, they can sniff that, even though it is a switch. I thought that switches linked port to port, and did not work like a hub. I guess I am wrong.

I need a way to have everything absolutely locked down. I need to be able to access my files from the linux machine, on my windows machine. I would also like the ability to stream the files. If it is encrypted, it needs to be fast enough to be able to stream, for example, a divx movie. I do not want the school to be able to detect a thing that is traceable back to me, besides the fact that there are packets going from one IP to the other IP, if even that.

What do I need to do? Would a VPN work?
Could you please point me to some how-to's, on how to setup and configure this?

And just so you know, everything on the samba machine is completely legal; they are mp3's that I have ripped from my own collection, and Divx movies I have ripped from my own DVDs. A few of my friends have had break-ins, and I just do not want to have the cds and dvds at school, I do not want to have them stolen.

Any advice would be very helpful.

I considered putting a cheap broadband router between me and the school's connection, but that would prevent me from playing any LAN games with my friends over the network. I have a Linksys broadband router, and I tried using it between me and the school, but I could no longer detect LAN games in games such as Halo or CS. Is there a way around that? If I go that route, they would not be able to detect anything, would they? I might then consider just putting a second network card in my machine so I could still connect to the network regularly as well.
Would this be the easiest and safest solution?

Edit: Changed name, so that it's easier to search for later.
I fixed the problem, thanks guys.

I've been using network forums for years, I don't know why I was stupid enough not to give it a decent name.

DSwain
04-30-2004, 09:16 PM
Using a router (ex: Linksys) would just require you to unblock ports that applications use (like games, and other things like that) because of the built in firewalls. Also, maybe a firewall would be something to consider? I don't know if that would help you, but it may be something to look into.

Another idea would be to configure two network cards (on the windows machine) in which you could run the Linux box into the Windows box and then out to the network. That would (I think) stop it from having to stream from over the network to play movies, music and so on, on the windows box.

feverwilly
04-30-2004, 09:22 PM
If you are on their network they can sniff everything. That has nothing to do with switches because the network traffic is probably going through a router along the way. If you cordon off your network with a router or firewall, yes, you will have problems detecting games, but the admin will only see the connections going and coming from your network through your router. You can connect and play games, etc. and allow connections in if you set it up right. The book I recommend is called "THE LINUX TOOL KIT"; it has a lot of ideas on setting everything up.

dboyer
04-30-2004, 10:29 PM
Originally posted by DSwain
Using a router (ex: Linksys) would just require you to unblock ports that applications use (like games, and other things like that) because of the built in firewalls.

I don't think that would work, because it sounds like they are playing "LAN" games, which need you to be on the same subnet (as opposed to "internet" games, where you can connect over a routed connection).

I would put your windows machine on the network (ick) and buy a 2nd NIC for it. Put your linux machine behind your windows one. If you want your linux machine to access the internet, you need to turn on "Internet Connection Sharing".

With that setup, none of the traffic between your linux box and your windows box should end up on the campus network.

Major_Tom
04-30-2004, 10:30 PM
Alright, thanks a lot guys,

I decided to go ahead and put it behind my router.

Everything is now safely hidden behind my Linksys Wireless router/ 4 port switch.

I'll just open up port 27015 for CS and whatever UT and Halo use.

DSwain
04-30-2004, 10:37 PM
Well, dboyer brought up a good point; that may not necessarily work, since that is on a WAN aspect as opposed to a LAN aspect. I say your best way would be doing a second network card in one of your computers, specifically the Windows one, because then you can have your Linux box easily get onto the internet if need be and the schoolwide network wouldn't be able to find it. But out of curiosity, would they really do something like that just because of a little music and video streaming? I mean half of these schools have giant p2p networks running constantly, and nobody seems to be getting into trouble, and right within the LAN, not on another p2p network. So would they really take the time to get you into trouble, or have they?

Major_Tom
04-30-2004, 10:45 PM
I turned off the Wireless connection on it, and I'm using it only as a gateway between my network and the school's. And I turned off "Multicast Pass Through".

So they should not be able to see any of my stuff, besides me accessing the internet, correct?

bandwidth_pig
05-01-2004, 12:18 AM
Ground Control to Major Tom....
Sorry. Couldn't resist. Love that song...

Anyway, I know what you are thinking. You are thinking of a couple of things:

1. Switches provide a full duplex connection and both logical and physical segmentation...and with this being the case, your packets should not be easy to sniff.

Well guess what? You're right. Or more correctly stated, you are right in theory. Here is the thing. The logical segmentation that takes place in the switch is through what is known as Virtual LANs, or VLANs. Now, if you were on your OWN VLAN, then yes...your packets would not be quite so open to the rest of the world. They would be segmented so that they only terminate on the ports where that VLAN is programmed in the switch. You can assign VLANs to ports, in other words. From what you are saying, multiple ports are assigned to the same VLAN. And when this is the case...guess what? It is very much like you are going through a hub, except you are doing it at full duplex since you are not in a CSMA/CD environment like you are in a true Ethernet Hub. Everybody's traffic is all part of the same group you might say...similar to a group in GNU/Linux. Most likely your network admin has set up a single VLAN for the students and can sniff out everything on it. That's pretty much the norm.

dboyer
05-01-2004, 12:19 AM
Major_Tom: what IP addresses do your machines use? If you are assigned school addresses (for my school, it's 137.229.X.X) they are 'probably' still transmitting across the network... if you put them on a different network (try the private network 192.168.X.X) and use NAT to get out of your network... that way, the only thing that leaves your network is traffic that the default gateway machine needs to route (stuff not on your subnet).

I'm using a ****ty computer (p100) running openbsd as a firewall in my campus... the packetfilter software will not only do NAT routing, but it will also change the number on outgoing packets, so they can't tell how many hosts are on my stub network :) (not that it's a big deal or a necessary feature... just sorta neat)

I'm with DSwain though... why does it matter? Just stay off of Kazaa and you'll be cool. I suspect that the network admins are busy enough trying to deal with students who are doing illegal things in ways they get caught to care about the students who are being reasonably discreet.

bandwidth_pig
05-01-2004, 12:22 AM
Originally posted by feverwilly
If you are on their network they can sniff everything. That has nothing to do with switches because the network traffic is probably going through a router along the way. If you cordon off your network with a router or firewall, yes, you will have problems detecting games, but the admin will only see the connections going and coming from your network through your router. You can connect and play games, etc. and allow connections in if you set it up right. The book I recommend is called "THE LINUX TOOL KIT"; it has a lot of ideas on setting everything up.

In regards to the router, this is not necessarily true. I think what you mean to say is:

1. The traffic is bound for a router if:
A. Traffic is bound for a WAN connection (i.e. Internet).
B. The IP in question is on a separate subnet.

Otherwise, the packets will never hit a router. This is why you can take a Hub and have a LAN party and have it work. If you set up all the IPs within your LAN to be on the same subnet, address resolution just takes place through ARP.
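An added example (not from any poster in this thread) that models the two points made by dboyer and bandwidth_pig above in Python: a packet to a same-subnet address is delivered directly and never reaches a router, and a NAT gateway rewrites anything that does leave so that only the gateway's own address appears on the campus network. The addresses are constructed samples; 203.0.113.5 is a placeholder standing in for the school-assigned gateway address.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addresses: the private LAN from the thread, and a
# documentation-range address standing in for the school-assigned gateway IP.
LAN = ipaddress.ip_network("192.168.0.0/24")
GATEWAY_WAN_IP = "203.0.113.5"  # placeholder, not a real host

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

def next_hop(dst: str, lan=LAN) -> str:
    """Same-subnet destinations are reached directly (resolved with ARP, never
    touching a router); everything else is handed to the default gateway."""
    return "direct" if ipaddress.ip_address(dst) in lan else "gateway"

class Nat:
    """Minimal source NAT: outgoing packets get the gateway's address and a
    mapped port; the table lets replies be rewritten back to the inside host."""
    def __init__(self, wan_ip=GATEWAY_WAN_IP, first_port=40000):
        self.wan_ip = wan_ip
        self.table = {}      # (inside_ip, inside_port) -> outside_port
        self.reverse = {}    # outside_port -> (inside_ip, inside_port)
        self.next_port = first_port

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src, pkt.sport)
        if key not in self.table:
            self.table[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        return Packet(self.wan_ip, pkt.dst, self.table[key], pkt.dport)

    def inbound(self, pkt: Packet):
        key = self.reverse.get(pkt.dport)
        if key is None:
            return None  # no mapping: unsolicited traffic from outside is dropped
        return Packet(pkt.src, key[0], pkt.sport, key[1])

def leaves_lan(pkt: Packet, nat: Nat):
    """What the campus network sees for a packet sent from inside: nothing for
    LAN-local traffic (e.g. the Samba stream), a NATed packet otherwise."""
    if next_hop(pkt.dst) == "direct":
        return None
    return nat.outbound(pkt)
```

Running leaves_lan on a 192.168.0.100 to 192.168.0.101 packet returns None (the stream stays inside), while a packet to an outside address comes back with the gateway's address and a mapped port as its source.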

Major_Tom
05-01-2004, 01:08 AM
With my gateway setup I have now,
My school's addy is in the 134.x range, and I am at 192.168.0.100 and .101 for my two computers.

So, the only traffic out of my personal network would be on the single address assigned to my gateway, therefore they could not see anything going on inside, correct?

Bandwidth_Pig: Thanks man, that was really helpful, great explanation.

mdwatts
05-01-2004, 11:05 AM
A little too late now, but next time please use a subject that somehow describes the question you are posting. We do after all know you are posting in the Networking forum for advice on a problem you are having. Thanks