NETWORK WORLD NEWSLETTER: RON NUTTER WITH ASK THE EXPERTS 09/01/04 Today's focus: How to sniff a network
Dear [EMAIL PROTECTED], In this issue: * Help Desk columnist Ron Nutter offers advice on the best way ��to sniff a network * Links related to Ask the Experts * Featured reader resource _______________________________________________________________ This newsletter is sponsored by Oracle An Economist Intelligence Unit White Paper: From Grid to Great? Grid computing is breaking out. Familiar mostly to academics, government groups, and scientific researchers, this technology that links together the power of diverse computers to create powerful, fast and flexible systems is beginning to catch on in the corporate world. Included in this white paper, results and interviews from a global survey among Sr Executives, click to download now http://www.fattail.com/redir/redirect.asp?CID=78713 _______________________________________________________________ IS SECURITY RIPE FOR OUTSOURCING? Security demands for online applications such as e-commerce and Web services are prompting more corporate customers to hand off security functions - such as intrusion detection and firewalls - to outside service providers. Find out if security should be outsourced in this Network World article: http://www.fattail.com/redir/redirect.asp?CID=78225 _______________________________________________________________ Today's focus: How to sniff a network By Ron Nutter I'm learning how to use a protocol analyzer to resolve different problems on our network. Our net is a hodge-podge of equipment; some parts are still using hubs and others are using more up-to-date Ethernet switches. Which is the best way to connect a protocol analyzer to an Ethernet network in order to "sniff" the packets on the wire? - Via the Internet The best way to connect to a network to analyze the packets depends in great part on the kind of equipment you have available. In earlier days of networking, the answer was simple - just plug into a hub and you were ready to go. With Ethernet switches today, the answer starts to become "It depends." By design, most switches won't allow you to see the traffic from a server destined for a workstation other than the one you're at. This can be done but involves something called port mirroring. This is where you copy the traffic destined for one port on the switch in question to another port. There are two types of switches - unmanageable and manageable. Unmanageable switches are cheaper than their manageable counterparts and generally lack the ability to do port mirroring. Just because your switch says it is manageable may mean little more than it supports SNMP and still may not let you do port mirroring. This is an important item to clarify when you buy additional switches for your network. If your switches don't support port mirroring, you still have a couple of options. It is possible in most cases to put a hub between a workstation under test and the network. You can plug your protocol analyzer into the hub and see both sides of the traffic. Just because your hub says on the outside that it is a hub doesn't mean that it's on. Some of the vendors in the entry-level end of the market sometimes use the same production line to produce hubs and switches, so you may have a switch that's a hub and a hub that is actually a switch. In doing some research on open-source software recently, I found information on how to make a passive Ethernet tap ( <http://www.snort.org/docs/tap/> ). This is an interesting idea that presents a unique solution to a problem. With the passive Ethernet tap, you can put it inline between a network and a system under test and look at just one side of the conversation without having to implement additional filtering within the analyzer you are using. This does mean you won't be seeing all of the conversation at once, so you may have to do some additional packet captures to get the whole picture. The parts to build this should run around $20 and it doesn't require any power to make it work. It's a good thing to have in your bag of tricks when a hub isn't available or can't be used for one reason or another. RELATED EDITORIAL LINKS Free protocol analyzers http://www.nwfusion.com/links/Downloads/Management/index.html Selecting a protocol analyzer Network World, 02/10/03 http://www.nwfusion.com/columnists/2003/0210nutter.html Learning how to use a protocol analyzer Network World, 10/27/03 http://www.nwfusion.com/columnists/2003/1027nutter.html _______________________________________________________________ To contact: Ron Nutter Ron Nutter, a Master Certified Novell Engineer and Microsoft Certified Systems Engineer in the Lexington, Ky., area, tracks down the answers to your questions. Send your questions to <mailto:[EMAIL PROTECTED]>. _______________________________________________________________ This newsletter is sponsored by Oracle An Economist Intelligence Unit White Paper: From Grid to Great? Grid computing is breaking out. Familiar mostly to academics, government groups, and scientific researchers, this technology that links together the power of diverse computers to create powerful, fast and flexible systems is beginning to catch on in the corporate world. Included in this white paper, results and interviews from a global survey among Sr Executives, click to download now http://www.fattail.com/redir/redirect.asp?CID=78712 _______________________________________________________________ ARCHIVE LINKS Dr. Internet archive: http://www.nwfusion.com/columnists/blass.html Nutter's Help Desk archive: http://www.nwfusion.com/columnists/nutter.html _______________________________________________________________ FEATURED READER RESOURCE NW FUSION PARTNERS' SITES NOW AVAILABLE Network World Fusion Partners is a collaborative effort between Network World and sponsoring Partner companies. Each microsite contains best-of-breed information as well as custom content not found anywhere else, including a custom email newsletter and special offers. It is current, top-of-mind information that is readily accessible and bundled into one comprehensive package.. Visit the NWFusion Partner sites to learn about storage solutions, network access solutions, optical networking and more. Visit NWFusion Partners at: <http://www.nwfusion.com/go/nwprr> _______________________________________________________________ May We Send You a Free Print Subscription? You've got the technology snapshot of your choice delivered at your fingertips each day. Now, extend your knowledge by receiving 51 FREE issues to our print publication. Apply today at http://www.subscribenw.com/nl2 International subscribers click here: http://nww1.com/go/circ_promo.html _______________________________________________________________ SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World e-mail newsletters, go to: <http://www.nwwsubscribe.com/Changes.aspx> To unsubscribe from promotional e-mail go to: <http://www.nwwsubscribe.com/Preferences.aspx> To change your e-mail address, go to: <http://www.nwwsubscribe.com/ChangeMail.aspx> Subscription questions? Contact Customer Service by replying to this message. This message was sent to: [EMAIL PROTECTED] Please use this address when modifying your subscription. _______________________________________________________________ Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: <mailto:[EMAIL PROTECTED]> Inquiries to: NL Customer Service, Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 For advertising information, write Kevin Normandeau, V.P. of Online Development, at: <mailto:[EMAIL PROTECTED]> Copyright Network World, Inc., 2004 ------------------------ This message was sent to: [EMAIL PROTECTED] ------------------------ Yahoo! Groups Sponsor --------------------~--> Make a clean sweep of pop-up ads. Yahoo! Companion Toolbar. Now with Pop-Up Blocker. Get it for free! http://us.click.yahoo.com/L5YrjA/eSIIAA/yQLSAA/BCfwlB/TM --------------------------------------------------------------------~-> Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/kumpulan/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
