guys,


let's look at this PROPERLY (and I'm not trying to start a flame war).....

yes everyone is right you can set your 35/4/5/6 set sniff two vlans using
either a mixture of span and multiple nics....

BUT

if you have a bog standard switch .....1 nic card.....and DON'T employ any
cheats.....then the standard rule of thumb is that they are separate
broadcast domains and the sniffer CANNOT sniff the other domain.

SURE there are WAYS round the problem ...most of which have been pointed out
by my fellow studiers but standard ethernet says no...

I think that's what you're saying????????


Later

steve


>From: Robert Padjen <[EMAIL PROTECTED]>
>Reply-To: Robert Padjen <[EMAIL PROTECTED]>
>To: "The.rock" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
>Subject: Re: Whew! Can you smell that VLan?
>Date: Thu, 22 Mar 2001 09:06:30 -0800 (PST)
>
>I cannot speak to the 3500 series, but in the Cat
>5000/6000 line, you span a port to either copy the
>contents of a port or an entire VLAN. The membership
>of the port that has the Sniffer is moot in this
>instance. It is further possible, although I can't
>think of too many good reasons to do this, that you
>can set the switch to receive packets from the
>Sniffer, which would allow use of the port membership
>VLAN in addition to the receipt of frames from the
>span process. In essence you would get two VLANs in
>one, but, again, :(  Typically I set the span port to
>a 'defunct' VLAN with no other members and no
>representation on the RSM/MSFC. I may see BPDUs and
>CDP packets, but the majority will be the traffic I
>desire.
>
>
>--- "The.rock" <[EMAIL PROTECTED]> wrote:
> > I believe that the 3500 Catalyst series will even let you monitor ports on
> > other switches if you want. Check into it, but I think you can.
> >
> > "NetEng" <[EMAIL PROTECTED]> wrote in message
> > news:99bbkk$p8a$[EMAIL PROTECTED]...
> > > We have had a pissing match lately and here's the details. One person states
> > > that a VLan can not be sniffed because it is on a different subnet. The
> > > other person says it can because it's physically on the same switch. I think
> > > you can to a point. Here's what I mean; let's say we have a 3524 with two
> > > Vlans, VLAN1 (we'll call it InfoSys), and VLAN2 (called HR). If I have a
> > > sniffer running on InfoSys, I should be able to sniff traffic on my subnet
> > > as well as traffic from HR to InfoSys (ie HR employee accessing mail server
> > > on InfoSys), right? The only difference is that the source MAC address would
> > > change. I should not be able to sniff traffic local to HR (ie an employee
> > > accessing accounting software) right? What's the rub?
> > >
> > >
> > >
> > >
> > > _________________________________
> > > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to
> > [EMAIL PROTECTED]
> > >
>
>
>=====
>Robert Padjen
