Certainly. The essential difference is that a switch grants a point-to-point connection for unicast traffic. What this means is that while broadcast traffic hits all ports on your switch if it hits any port, if two machines are having a 'standard' udp/tcp/whatever conversation, the switch limits that traffic to the two ports serving the two computers having the conversation.
Another way to state this is that a hub is one great big collision domain, sorta like a thick/thin Ethernet, and every machine sees every packet on every port. A switch is more like a multi-port bridge, with each port being its own collision domain, and broadcasts being seen on every port, but not other traffic. Multicasts on switches are seen on the ports that they are destined for, but not every port on the switch, depending on how good the switch is at handling that kind of traffic. | -----Original Message----- | From: Marc Mc Guinness [mailto:[EMAIL PROTECTED]] | Sent: Friday, November 09, 2001 15:32 | To: [EMAIL PROTECTED] | Subject: Re: Packet Sniffing in a Switched LAN | | | Hello! | | Am Donnerstag, 8. November 2001 23:24 schrieb Matt Hemingway: | > If it's a switched network, which the subject of this e-mail | > states, than Ethereal won't work. The best tool for a switched | > network is ettercap (ettercap.sourceforge.net). | > | > Personally I use Arpwatch (no url available) to find all hosts on | > the network and than use Ettercap to sniff the victim. | > | > If this is a hubbed network than Ethereal works like a charm. | | I don't understand that. Can anybody explain it to me? Why is | ethereal not good for a switched LAN, but for a hubbed one it is? | I'm starting to work with ethereal at the moment (in a switched | network). | | Best regards, | | Marc Mc Guinness |
