I have a really basic question (I think). We have two boxes connected
to a lan segment on a hub. One is a Windows box running "Show Traffic",
the other is a CentOS 5 Linux box running "ntop". Both boxes should be
able to sniff all of the traffic on that hub (not a switch).
The Windows box do
> I have a really basic question (I think). We have two boxes connected
> to a lan segment on a hub. One is a Windows box running "Show Traffic",
> the other is a CentOS 5 Linux box running "ntop". Both boxes should be
> able to sniff all of the traffic on that hub (not a switch).
>
> The Window
On Thu, Jan 17, 2008 at 08:37:55AM +0100, Simon Matter wrote:
> > I have a really basic question (I think). We have two boxes connected
> > to a lan segment on a hub. One is a Windows box running "Show Traffic",
> > the other is a CentOS 5 Linux box running "ntop". Both boxes should be
> > able
Simon Matter wrote:
>
> Are you really sure your CentOS 5 interfaces are running in promiscuous mode?
>
I'm about 90% sure. When the box restarts, there's a message in
/var/log/messages that the NIC is entering promiscuous mode. However,
when you look at ifconfig, the PROMISC flag on the car
These days _everything's_ a "switch" ...even the
things that say "hub" don't match what we think of as
the technical meaning of that term. Putting the NIC
into promiscuous mode won't help because the packets
aren't there in the first place. 10/100 makes things
even worse, but they were already pre
Chuck Kollars wrote:
> 3) If your netstack is a bank of switches, find the
> manual and see how to put a port into "monitor" mode
> so it stops acting like a switch and repeats all the
> packets anywhere in the netstack. Almost all good
> quality devices can do this ...if you find the manual
> and
Thomas Harold wrote:
> I have a really basic question (I think). We have two boxes connected
> to a lan segment on a hub. One is a Windows box running "Show Traffic",
> the other is a CentOS 5 Linux box running "ntop". Both boxes should be
> able to sniff all of the traffic on that hub (not a
>The follow-up answer to this issue was that it seems that the Intel
PRO/1000 dual-port PCIe card does indeed not function correctly in
promiscuous mode when connected to a 100Mbps hub. (In this particular
One thing to consider is that the traffic on a dual speed hub is actually
segmented (vi
