Timothy Bolz wrote:
> I am directly connected to a switch which and all the homepna switches are
> connected to the same switch . I have one of the fastest connections. So it
> sounds like I can use Ethereal and possibly ntop. Ntop looks like it would
> work nice. Ethereal looks more invasive than I'd like to get. Ntop also
> looks like it has a nice web interface and I like the fact it shows the time
> the most traffic is. So it looks like anyone on a network can run ntop?
Garl described what you can do with a managed switch. Here's what
you can do if you don't have a managed switch or you don't have
permission to manage it. (But you do have access to the physical
wiring.)
Assuming that you have something like this.
+------|--- room
Internet --- dsl modem --- trinicor gateway --------- |switch|--- room
+------|--- room
You can insert your own hub and monitoring PC like this.
yourPC
| +------|--- room
Internet --- dsl modem --- trinicor gateway -- | -- |switch|--- room
| | | +------|--- room
-----
hub
All the traffic passes through the wire between the gateway and the
switch, and it is not NATted -- everybody still has his own IP
address. So if you can tap in there, you can sniff all traffic.
If you tap in to the left of the gateway, you'll only see a single IP
address and it will be hard to distinguish rooms. If you tap in to
the right of the switch, you'll only see traffic destined to a single
room.
Does that make sense?
I have seen a program (in the openbsd ports collection, I think) that
would fool an unmanaged switch into sending all traffic to it. I
think it watched the source MAC address of broadcast packets (e.g.,
ARP), then sent out more packets with the same source MAC address.
But I can't find that program now. Sorry.
--
Bob Miller K<bob>
kbobsoft software consulting
http://kbobsoft.com [EMAIL PROTECTED]
_______________________________________________
Eug-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug
