These days _everything's_ a "switch" ...even the
things that say "hub" don't match what we think of as
the technical meaning of that term. Putting the NIC
into promiscuous mode won't help because the packets
aren't there in the first place. 10/100 makes things
even worse, but they were already pretty bad.
This makes sniffing anything other than your own (and
broadcast) traffic difficult. That's probably why
"sniffers" aren't so common any more. If possible run
the sniffer _on_ the machine of interest. But if
that's not possible, what can you do?
For starters, look at "sniffer" websites, most of
which cover this problem in great gory detail and
suggest all kinds of kludges. Since this is _the_#1_
problem with sniffing, coverage tends to be extensive.
Some options:
1) Use a very old hub that's "stupid" (or maybe a mini
"hub" that was real real real cheap several years
ago).
2) Get out your soldering iron and build a custom
connector.
3) If your netstack is a bank of switches, find the
manual and see how to put a port into "monitor" mode
so it stops acting like a switch and repeats all the
packets anywhere in the netstack. Almost all good
quality devices can do this ...if you find the manual
and determine the right incantation.
thanks!
-Chuck Kollars
____________________________________________________________________________________
Looking for last minute shopping deals?
Find them fast with Yahoo! Search.
http://tools.search.yahoo.com/newsearch/category.php?category=shopping
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
