[plug] Network Analysing

[Shayne O'Neill]

That won't work.... They *all* have to go thru the hub.
A switch will only send the packets to the card with the mac address
aluded to in the packet.

Cheers,
Shayne.
----- Original Message -----
From: "Daniel Pearson" <plug at flashware.net>
To: <plug at plug.linux.org.au>
Sent: Thursday, January 02, 2003 2:43 PM
Subject: Re: [plug] Network Analysing


> Leon,
> By saying that do you mean all the machines can be connected through the
> switch, with the monitoring machine plugged into the switch via a hub -
and
> because of that it will be able to log packets on the network?
>
> Daniel
>
> ----- Original Message -----
> From: "Leon Brooks" <leon at brooks.fdns.net>
> To: <plug at plug.linux.org.au>
> Sent: Thursday, January 02, 2003 2:43 PM
> Subject: Re: [plug] Network Analysing
>
>
> > On Thursday 02 January 2003 02:17 pm, Daniel Pearson wrote:
> > > What I mean by this for example, is - my machine is 192.168.0.4
> > > The gateway is .0.1, the two other machines are .0.2 and .0.3.
> > > Now, I want to see what .0.1 and .0.2 and .0.3. are sending/receiving
> > > around the network, and total bandwidth (i.e. number of bytes/kb/mb),
by
> > > running software on .0.4. Is this achievable?
> >
> > Yes, as long as the machines are not all plugged through a switch. If
> that's
> > the case, stick an extra hub on the gateway end of things for the
duration
> > and plug your monitoring machine into that.
> >
> > Tcpdump (for example) will capture packets in promiscuous mode so you
> don't
> > even have to have an IP which suits the network, or in theory not even
an
> IP
> > address.
> >
> > Cheers; Leon
> >
> >
> >
>
>