Depending on your switch, you can set one port as a monitor for
additional ports, but I don't think this is a great solution for a
number of reasons, to wit:
a) depending on the switch, the monitoring works both ways (ie traffic
bound for the "sniffer" port will get replicated to other ports, which
can be used to bypass packet filters (potentially)
b) port monitoring can cause pretty substantial processor hit on the
switch (which may or may not be an issue for you
But, it is possible, and I have done it.
Henry
> -----Original Message-----
> From: Palis Michael [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 12, 2001 1:00 PM
> To: [EMAIL PROTECTED]
> Subject: Sniffer
>
>
> Where do you put a sniffer on a swithed LAN? I am trying to
> capture what is
> happening on a LAN but i can no see all activity if I put the
> sniffer on a
> port on a switch.
>
> Any suggestion?
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
