Re: Sniffing on switched networks.
From: Hairy One Kenobi (abuse_at_[127.0.0.1)
Date: 07/26/04
- Next message: michele: "**Secure** Ftp server"
- Previous message: Marco Maier: "Privacy & speed vs security"
- In reply to: zeebop: "Sniffing on switched networks."
- Next in thread: zeebop: "Re: Sniffing on switched networks."
- Reply: zeebop: "Re: Sniffing on switched networks."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 26 Jul 2004 12:23:10 GMT
"zeebop" <yeah@um.right> wrote in message
news:u6k5g0lptr3lv5brvp83r9i8fqsh55cgod@4ax.com...
> Hi,
>
> If I'm on a switched network (PC's running windows) can I use tools
> like ethereal to sniff traffic from other PC's on the same network?
>
> I think my issue is listed here:
> http://www.ethereal.com/faq.html#q5.1
>
> If I cannot sniff this type of network, is there some specific
> hardware I could get to replace the current switch?
OK. A switch works by dynamically "switching" ports between each other; this
means that - by design - one port doesn't see another's traffic.
A hub is basically a broadcast device, with each port talking to all other
ports, and listening to all traffic.
Because it's useful for sniffing, high-end switches (e.g. from Cisco) have a
"spanning" facility that effectively configures certain switched ports into
a mini hub.
The easiest way to duplicate this for not-a-lot of money is to buy a cheap
hub and plug it into the port you want to scan, and plug the sniffer and
target connection into the hub.
One thing worth remembering - on dual-speed hubs (e.g. Netgear), there are
separate backbones ("broadcast thingies") for the 10Mb and 100Mb - when I
sniff Internet traffic on my home connection, I have to drop the sniffer to
10Mbps, half-duplex.
Leaving it to auto-negotiate 100Mb/full just gives me ARP from the Cable
Modem, rather than traffic to/from my trusty hardware router.
HTH
Hairy One Kenobi
Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!
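
The hub-versus-switch behaviour described in the reply above, as an added illustration that is not part of the original post: a small Python model of a hub, a learning switch, and a switch with a mirrored ("spanned") port, showing which frames reach the sniffer's port. The port numbers, MAC addresses and frame labels are constructed for the example, and the mirror logic is a simplification of what real switches do.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    """Repeats every frame out of every port except the one it arrived on."""
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src, dst):
        return [p for p in self.ports if p != in_port]

class Switch(Hub):
    """Learning switch: remembers which port each source MAC was seen on."""
    def __init__(self, ports, mirror=None):
        super().__init__(ports)
        self.table = {}        # MAC address -> port
        self.mirror = mirror   # (watched_port, sniffer_port) or None

    def forward(self, in_port, src, dst):
        self.table[src] = in_port
        if dst != BROADCAST and dst in self.table:
            # Known unicast: deliver to exactly one port.
            out = [self.table[dst]] if self.table[dst] != in_port else []
        else:
            # Broadcast or unknown destination: flood like a hub.
            out = [p for p in self.ports if p != in_port]
        if self.mirror:
            watched, sniffer = self.mirror
            # Copy anything entering or leaving the watched port to the sniffer.
            if watched in (in_port, *out) and sniffer not in out and sniffer != in_port:
                out.append(sniffer)
        return out

def seen_by(device, sniffer_port, frames):
    """Labels of the frames that the device delivers to sniffer_port."""
    return [label for label, in_port, src, dst in frames
            if sniffer_port in device.forward(in_port, src, dst)]

# Constructed sample: PC on port 1, router on port 2, sniffer on port 3.
PC, ROUTER = "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb"
FRAMES = [
    ("arp-request",   1, PC,     BROADCAST),
    ("arp-reply",     2, ROUTER, PC),
    ("http-request",  1, PC,     ROUTER),
    ("http-response", 2, ROUTER, PC),
]

if __name__ == "__main__":
    for name, dev in [("hub", Hub([1, 2, 3])), ("switch", Switch([1, 2, 3])),
                      ("switch + mirror", Switch([1, 2, 3], mirror=(1, 3)))]:
        print(f"{name:16} sniffer sees: {seen_by(dev, 3, FRAMES)}")
```

On the plain switch only the broadcast ARP request reaches the sniffer, which is the "just ARP" symptom mentioned in the reply; the hub and the mirrored port deliver all four frames.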