If you are on a switched network, you will only see traffic on your VLAN.
Also, if the computer you are using as a sniffer is on a switch port, it
will only see its own traffic. Most switches will allow you to set them up
to receive all traffic on a particular port. However, this could cause
serious network congestion on that port, switch and/or VLAN. Also, some
products that operate in demo mode purposefully limit data collection to
your own host.
Steve
-----Original Message-----
From: Jason Brown [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 15, 2001 2:33 PM
To: [EMAIL PROTECTED]
Subject: Network Sniffers
Hello All,
I am trying to set up a sniffer so I can see what the users are doing on the
Internet and see if they are abusing the service.
To date I've installed Ethereal and Ksnuffle but neither is working as they
should.
I can sniff traffic to and from the machine running the software, but the
rest of the network traffic is not visible.
According to all the documentation I found, the network cards are put into
promiscuous mode automatically by the software. From what I can see, it's
almost as if the cards are not.
I've installed the software on RedHat 6.2 and 7.1 and used 2 different types
of NICs on 2 different machines, and one is a 3Com 590. Anybody know why I
can't see everything???
What I want to do is generate a graph that will tell me how much NNTP
traffic is being pulled down. I know they are pulling down VCD files and I
am 99% sure this is causing the slow response, but I'd like to have proof
before I point fingers. Ksnuffle looks like it will work, but if someone
else has another solution, please let me know.
Thanks,
Jason
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
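
An added example, not part of the original thread: one way to tell "the NIC never entered promiscuous mode" apart from "the NIC is promiscuous but the switch only delivers this host's frames", the two cases discussed above. The function names, MAC addresses and frame list are constructed for illustration; the flags string is assumed to come from `/sys/class/net/<iface>/flags` on Linux.

```python
from collections import Counter

IFF_PROMISC = 0x100  # Linux interface flag bit for promiscuous mode

def is_promiscuous(flags_text):
    """flags_text: contents of /sys/class/net/<iface>/flags, e.g. '0x1103'."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)

def is_group_address(mac):
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return bool(int(mac.split(":")[0], 16) & 0x01)

def classify_capture(own_mac, frames):
    """frames: iterable of (src_mac, dst_mac) pairs read from a capture."""
    own = own_mac.lower()
    counts = Counter()
    for src, dst in frames:
        src, dst = src.lower(), dst.lower()
        if is_group_address(dst):
            counts["group"] += 1            # a switch floods these to every port
        elif own in (src, dst):
            counts["own"] += 1              # traffic to or from the sniffer itself
        else:
            counts["foreign_unicast"] += 1  # seen on a hub or a mirrored port
    return counts

def diagnose(flags_text, own_mac, frames):
    if not is_promiscuous(flags_text):
        return "NIC not promiscuous"
    if classify_capture(own_mac, frames)["foreign_unicast"] == 0:
        return "promiscuous, but only own and flooded frames arrive"
    return "seeing other hosts' unicast traffic"

# Constructed sample: what a sniffer on an ordinary switch port typically captures.
OWN_MAC = "00:10:4b:aa:bb:01"
SAMPLE_FRAMES = [
    ("00:10:4b:aa:bb:01", "00:d0:b7:11:22:33"),  # sniffer -> gateway
    ("00:d0:b7:11:22:33", "00:10:4b:aa:bb:01"),  # gateway -> sniffer
    ("00:50:04:44:55:66", "ff:ff:ff:ff:ff:ff"),  # ARP broadcast from another host
    ("00:50:04:44:55:66", "01:00:5e:00:00:01"),  # IP multicast from another host
]

if __name__ == "__main__":
    print(diagnose("0x1103", OWN_MAC, SAMPLE_FRAMES))
```

A switch also floods unicast frames for destinations it has not yet learned, so a handful of foreign unicast frames does not by itself mean the port is mirrored.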