On Fri, Jul 14, 2000 at 07:17:50AM -0500, Eric Wood wrote:
>
>
> I have a 24-port 10/100 switch. I also have a shared hub plugged in 1 port
> of the switch. the servers and power user are plugged into the switch and
> the lowly users are plugged into the shared 10Mbit hub.
>
> My ethereal maching is plugged into the shared hub. I can still see packet
> conversations between two machines that are on the switch. If I'm on a
> hub,
> how can I see these packets? Is my "switch" not really a switch?
Are the packets really between two machine (that is, unicast packets),
or are they broadcast packets? If they are broadcast packets, that would
explain why you see them. (they could be multicast, too, in which
case you *might* see them).
> In a switched environment, how does one sniff the network effectively on
> all
> computers?
In a decent switch you can configure a port (and perhaps multiple ports?
I don't know; I don't have a switch) to be a "replicator" port. (I think
that's the correct terminology") All traffic on all the ports is replicated
to that port; it's there explicitly for sniffing purposes.
> -Eric Wood
--gilbert
