Although presented in a bad-guy context, this may also be valuable for good-guy usage, such as ntop - say you want to monitor a specific traffic segment (maybe a sub-backbone) and can't put a tap in it. Just make sure you have decent NICs so you don't drop too many packets.
It could also explain why you are seeing lots of traffic that doesn't belong on your segment - the tattle tale would probably be a lot of ARP packets. ARP/RARP is reported on the All protocols | Traffic page.

-----Burton

----Forwarded message from [EMAIL PROTECTED]

Many of us know that sniffing is possible in a shared, i.e. non-switched, ethernet environment. But only a few of us know that sniffing is also possible in a switched ethernet environment. One of the reasons is that it's not that straightforward. But it's not impossible or difficult. You can use a man-in-the-middle technique like ARP spoofing to sniff in a switched environment. This presentation is an attempt to explain how somebody can sniff in a switched ethernet using ARP spoofing.

Dsniff has existed for a long time as a tool for various sniffing activities. But recently, tools like EttercapNG have made it easier.

Link to my original post and presentation - http://manugarg.freezope.org/2005/06/sniffing-in-switched-network-many-of.html

cheers,
-Manu
_________
Manu Garg
http://manugarg.freezope.org
"Truth will set you free!"
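Added example, not part of either message above: a passive check for the ARP symptom mentioned in the reply, flagging IP-to-MAC binding changes and senders that emit many ARP replies. The function names, the reply threshold and the sample frames are assumptions constructed for illustration; in practice the frames would come from a capture on the monitored segment.

```python
import struct
from collections import Counter

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, frame[22:28].hex(":"), ".".join(map(str, frame[28:32]))

def audit(frames, reply_threshold=3):
    """Flag IP-to-MAC binding changes and senders that emit many ARP replies."""
    bindings, replies, alerts = {}, Counter(), []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        op, mac, ip = parsed
        if ip != "0.0.0.0":                       # ARP probes carry no sender IP
            old = bindings.setdefault(ip, mac)
            if old != mac:
                alerts.append(("binding-changed", ip, old, mac))
                bindings[ip] = mac
        if op == 2:                               # opcode 2 = reply
            replies[mac] += 1
            if replies[mac] == reply_threshold:   # alert once per sender
                alerts.append(("reply-volume", mac, reply_threshold))
    return alerts

def make_arp(op, src_mac, src_ip, dst_mac, dst_ip):
    """Build a constructed 42-byte Ethernet/ARP frame (sample input only)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(p) for p in s.split("."))
    return (mac(dst_mac) + mac(src_mac) + b"\x08\x06"
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(src_mac) + ip(src_ip) + mac(dst_mac) + ip(dst_ip))

# Constructed sample: documentation addresses and locally administered MACs.
GW, HOST, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:0a", "02:00:00:00:00:66"
SAMPLE = [
    make_arp(1, HOST, "192.0.2.10", "ff:ff:ff:ff:ff:ff", "192.0.2.1"),
    make_arp(2, GW, "192.0.2.1", HOST, "192.0.2.10"),
    make_arp(2, OTHER, "192.0.2.1", HOST, "192.0.2.10"),
    make_arp(2, OTHER, "192.0.2.10", GW, "192.0.2.1"),
    make_arp(2, OTHER, "192.0.2.1", HOST, "192.0.2.10"),
]

if __name__ == "__main__":
    for alert in audit(SAMPLE):
        print(alert)
```

A binding change alone can be benign (DHCP lease reuse, a replaced NIC, failover pairs), so the two signals are most useful when they point at the same MAC, as they do in the sample.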
