On Wed, Sep 26, 2001 at 12:07:07AM +0100, John Bland wrote: > > > Eg if there is a machine, 192.168.0.1 on one side of a bridge and another > > > machine 192.168.0.10 on the other side of the bridge could one machine > > > sniff the network activity of another with something like > > > > > > tcpdump host 192.168.0.10 (from 192.168.0.1) > > > > That only works if 192.168.0.10 is talking to a machine on the side of .0.1. > > If 0.10 talks to a machine on its own side of the bridge, no traffic will > > pass through the bridge. It probably won't even reach the bridge, in case > > Ok, that's sort of what I'd expected. What I don't understand is the > bridge itself not being able to 'sniff'. It has two NICs, one on each > segment, and both in promiscuous mode. I would expect in this situation > that something like tcpdump could sniff on either segment by specifying a > particular interface.
Simply because the packets don't reach it. The switch knows that the bridge is not the intended recipient for the traffic, so it doesn't send the traffic to the port that the bridge is on. If it would, it would essentially be a hub. cheers, Lennert _______________________________________________ Bridge mailing list [EMAIL PROTECTED] http://www.math.leidenuniv.nl/mailman/listinfo/bridge
