On Thu, 2002-04-18 at 11:08, Rory Campbell-Lange wrote:
> I have tested tcpdump at another smaller office where I was able to
> trace all the network traffic between the gateway and workstations all
> linked on the same small switch. However in the larger office the Bay
> 450-24T (now Nortel) managed switches we use appear to confound tcpdump
> so that only traffic between the localhost and the targeted system
> appear, even if I place a mini-hub between the tracing machine and the
> switch (which also provides the network connection to the router).
this sounds like you are doing
listener system->hub->switch->router
is that correct? if so, you should probably do
listener system->hub<-router
|
switch
another thing you might try, allthough I wouldn't reccomend running this
for 3 days at a time, is one of the tools included with dsniff, can't
recall the name of the tool, but it floods the switch with mac addresses
to make it revert to 'hub mode.'
Hope that helps,
Mark Roach
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
