[plug] Network Analysing

Shayne O'Neill shayne at guild.murdoch.edu.au
Thu Jan 2 14:46:49 WST 2003


Simple answer. If you are on a hub, yes; if you are on a switch, no.
That's why hubs are recommended against for security reasons, and why every
network engineer worth her salt carries one around with 'em... (I ain't one,
but I use 'em for troubleshooting network software I write. It's amazing the
perspective one gets on one's own code when you see your new embedded toaster
LAN driver sending SYNs instead of ACKs, for instance.)

That said, some of the nicer switches (i.e. Cisco... the BayStack stuff also)
have options to 'mirror' a port for the purposes of packet capture.

Cheers,
Shayne.
----- Original Message -----
From: "Daniel Pearson" <plug at flashware.net>
To: <plug at plug.linux.org.au>
Sent: Thursday, January 02, 2003 2:17 PM
Subject: [plug] Network Analysing


> I'm just wondering, is it possible to view how many packets each machine on
> a network is sending/receiving without traffic actually running through the
> machine you're running the analysing software on (e.g. ethereal)?
>
> What I mean by this for example, is - my machine is 192.168.0.4
> The gateway is .0.1, the two other machines are .0.2 and .0.3.
> Now, I want to see what .0.1 and .0.2 and .0.3. are sending/receiving around
> the network, and total bandwidth (i.e. number of bytes/kb/mb), by running
> software on .0.4. Is this achievable?
>
> Regards,
> Daniel Pearson
>
>
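
An added example, not part of the original thread: once .0.4 can actually see the other hosts' frames (on a hub, or on a switch port configured as a mirror), the per-machine packet and byte totals asked about can be tallied from a saved capture. It assumes a classic little-endian pcap file with Ethernet framing; the function names and the sample frames are constructed for illustration.

```python
import struct
from collections import defaultdict

def frame(src, dst, payload_len, ethertype=b"\x08\x00"):
    """Constructed Ethernet+IPv4 frame (zeroed MACs, zeroed payload)."""
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return bytes(12) + ethertype + ip + bytes(payload_len)

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def tally_hosts(pcap):
    """Return {ip: {tx_pkts, tx_bytes, rx_pkts, rx_bytes}} for IPv4 frames."""
    magic, *_, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian Ethernet pcap")
    stats = defaultdict(lambda: dict(tx_pkts=0, tx_bytes=0, rx_pkts=0, rx_bytes=0))
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, orig_len = struct.unpack_from("<IIII", pcap, off)
        data = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        # Skip anything that is not IPv4 or is too short to hold both addresses.
        if len(data) < 34 or data[12:14] != b"\x08\x00":
            continue
        src = ".".join(map(str, data[26:30]))
        dst = ".".join(map(str, data[30:34]))
        # orig_len is the on-wire size, correct even if the capture was truncated.
        stats[src]["tx_pkts"] += 1
        stats[src]["tx_bytes"] += orig_len
        stats[dst]["rx_pkts"] += 1
        stats[dst]["rx_bytes"] += orig_len
    return dict(stats)

# Constructed sample: what .0.4 would capture on a hub or a mirrored port.
SAMPLE = build_pcap([
    frame("192.168.0.2", "192.168.0.1", 100),
    frame("192.168.0.1", "192.168.0.2", 1000),
    frame("192.168.0.3", "192.168.0.1", 40),
    frame("0.0.0.0", "0.0.0.0", 8, ethertype=b"\x08\x06"),  # stand-in for ARP, ignored
])

if __name__ == "__main__":
    for host, s in sorted(tally_hosts(SAMPLE).items()):
        print(host, s)
```

On an unmirrored switch port the same tally would contain only .0.4's own traffic plus broadcasts, which is the difference the reply above describes.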


