Re: how can I setup a network monitoring station

[Rory Campbell-Lange <rory@campbell-lange.net>]

Hi Mark

Thanks for the mail.

On 21/04/02, Mark Roach (mrroach@uhg.net) wrote:
> On Thu, 2002-04-18 at 11:08, Rory Campbell-Lange wrote:
> > I have tested tcpdump at another smaller office where I was able to
> > trace all the network traffic between the gateway and workstations all
> > linked on the same small switch. However in the larger office the Bay
> > 450-24T (now Nortel) managed switches we use appear to confound tcpdump
> > so that only traffic between the localhost and the targeted system
> > appear, even if I place a mini-hub between the tracing machine and the
> > switch (which also provides the network connection to the router). 

> you should probably do 
> 
> listener system->hub<-router
>                   |
>                 switch

Thanks for the advice. It makes sense now. I'll adopt this scheme or use
the switch's port mirroring feature.
> 
> another thing you might try, allthough I wouldn't reccomend running this
> for 3 days at a time, is one of the tools included with dsniff, can't
> recall the name of the tool, but it floods the switch with mac addresses
> to make it revert to 'hub mode.'

I'm not sure our network users would be happy with this! I'll have a
look at the package though - thanks for the tip.

Regards, Rory

-- 
Rory Campbell-Lange 
<rory@campbell-lange.net>
<www.campbell-lange.net>


-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org