|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
Stop making mediocre tutorials.The best tutorials are video! Camtasia Studio makes it easy to create engaging, buzz-building screen videos at any size, in any popular format. Download the free trial!
|
|
#1
March 26th, 2004, 12:30 PM
|
|||
|
|||
Switch sniffer
Hi all,
I have a LAN network completely hooked up via some switches. The switches route traffic to a certain port based on the MAC address in the traffic. What I want to do it to sniffer the traffic on my LAN network. Is it possible to configure a switch in such a way that all traffic going thru the switch is copied to my "sniffer" port on the switch? Or do I need a sniffer or some hubs on the LAN to archieve this?? Thanks in advance Jamie
|
|
#2
March 26th, 2004, 01:19 PM
|
|||
|
|||
|
I seen a sniffer that claims it can go through switched networks yet Im not that convinced and I forgot the name.
On a cisco switch plug into a port with sniffer and enable port monitoring for all the ports. This is very intensive for the switch to do all ports but will work. Usualy you only monitor one port at a time. Port monitoring will have all traffic on one interface duplicate it under the monitoring port so you can unintrusively sniff. I know you can do this with just about every manageable switch not just cisco but their terminology is different.
|
|
#3
March 31st, 2004, 05:14 PM
|
|||
|
|||
|
I heard a linux utility called "hunt" can sniff on a switched network. Also there was an article on this here
http://www.neworder.box.sk/newsread.php?newsid=10388 higher end hp procurve switch aslo have 'port monitoring'
|
|
#5
April 2nd, 2004, 07:34 AM
|
|||
|
|||
|
Thats the one I seen Ettercap. Could not remember the name hehe. still easier to put the switches in port monitoring as a full sniff of a network consisting of only 10 minutes could generate a 100 Meg file to sift through with say 50 PCs. its more productive to go after a certain device like all traffic hitting the server.
|
|
#6
April 3rd, 2004, 10:54 AM
|
|||
|
|||
|
Sounds good that there is a utility which can sniff on a switched network.
Will see if I can find the program (I guess it is not capture program you run in Ethereal?) - and mail a message when I know how this program works Thanks Jamie Last edited by JamieH : April 3rd, 2004 at 11:18 AM.
|
|
#7
April 5th, 2004, 03:23 AM
|
||||
|
||||
|
dsniff
christo
__________________
. Spiration channels: Free scripts, programming tutorials and articles Dotcut alerts: Online Press cuttings / news alerts Clearprop: UK microlight school, wiltshire Uk dating: UK safe dating with Topdates About Christo . .
|
|
#8
April 7th, 2004, 08:48 AM
|
|||
|
|||
|
Your original post was correct. To sniff a switched network you need a switch that is capable of mirroring traffic to one port.
If your switch is not capable of that you can sniff individual links by connecting a hub to a link, connect the original device and sniffer to the hub. But you will only see multicast, broadcast, and traffic to that device.
|
|
#9
April 7th, 2004, 09:05 AM
|
||||
|
||||
|
only because switches keep an arp cache to map mac addresses to IP's. If you use a mac-spoofing based A/V, you'll probably figure out what you want.. It's harder, but nothing's impossible
 christo
|
|
#13
April 7th, 2004, 10:00 AM
|
||||
|
||||
|
I have no idea who said that, but I'm feeling like that a lot today - wrestling with Swing layout managers and trying to case-harden an app with some inane exception handling...
*sigh christo
|
|
| Viewing: Dev Shed Forums > System Administration > Networking Help > Switch sniffer |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
