Both of the replies I've seen thus far don't take into account the "Switched LAN" portion of your question - so I'll attempt a more in depth answer.
Unless you are running on switches that allow you port monitor you will not see all the traffic - from all the ports - all the time, no matter what tool you use. Ettercap and others make allowances for switched networks by utlizing arp poisoning - but this is really only useful when you already know the the traffic between two hosts that you want to monitor. Port monitoring is what you really want if you want to see ALL the packets coming and going. Cisco switches allow port monitoring as do most higher end switches from IBM, Intel, HP, 3com, etc... Multiple switches can present you with additional headaches and if management accross all the switches isn't possible then port monitoring probably isn't either. Meaning a monitoring station for each switch. > -----Original Message----- > From: Jacques Chicourel Nunes Vaz - BA > [mailto:[EMAIL PROTECTED]] > Sent: Thursday, October 25, 2001 1:33 PM > To: '[EMAIL PROTECTED]' > Subject: Packet Sniffing in a Switched LAN > > > Hi folks, > > I have a Lan with 200 desktops and IŽd like to sniff it. What > tool can I use > to see all the packets ( going and coming ) ? > Any suggestions ? > > Regards, > > Jacques >
