----- Original Message -----
From: "John Bland" <[EMAIL PROTECTED]>
To: "Lennert Buytenhek" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, September 26, 2001 1:07 AM
Subject: Re: [Bridge] Sniffing
>
> > > Eg if there is a machine, 192.168.0.1 on one side of a bridge and
another
> > > machine 192.168.0.10 on the other side of the bridge could one machine
> > > sniff the network activity of another with something like
> > >
> > > tcpdump host 192.168.0.10 (from 192.168.0.1)
> >
> > That only works if 192.168.0.10 is talking to a machine on the side of
.0.1.
> > If 0.10 talks to a machine on its own side of the bridge, no traffic
will
> > pass through the bridge. It probably won't even reach the bridge, in
case
>
> Ok, that's sort of what I'd expected. What I don't understand is the
> bridge itself not being able to 'sniff'. It has two NICs, one on each
> segment, and both in promiscuous mode. I would expect in this situation
> that something like tcpdump could sniff on either segment by specifying a
> particular interface.
>
> > you have a switched network (switches are smart.. they know where
traffic
>
> Hmm, maybe I should get a switch to write my thesis ;0).
>
The Linux bridge code is actually switch code. Go to www.whatis.com and look
up bridge and switch.
> JB
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
