Sniffing gigabit ethernet? 1000baseT LAN taps?
Kevin D. Clark
kevin_d_clark at comcast.net
Mon Apr 14 17:44:13 EDT 2014
Joshua Judson Rosen writes:
> "Michael ODonnell" writes:
> >
> > I don't know what your situation is but if there's a managed
> > switch involved I believe that some of them can be rigged to
> > echo traffic to one or more specified ports for analysis/debug.
>
> Mm. Good point. I don't think I have any managed switches on-hand;
> any recommendations as to what I should get, if I go that route?
The feature you'd want here is commonly called port mirroring or port
spanning.
More info here:
http://wiki.wireshark.org/CaptureSetup/Ethernet
I do have a small word of advice: it is generally useful when
capturing traffic for analysis to come up with some sort of "capture
filter" that limits the amount of traffic that you're going to end up
with. On a really busy link, this can make it a lot easier to analyze
the traffic at a later time.
Regards,
--kevin
--
alumni.unh.edu!kdc / http://kdc-blog.blogspot.com/
GnuPG: D87F DAD6 0291 289C EB1E 781C 9BF8 A7D8 B280 F24E
And the Army Ants, they leave nothin' but the bones...
-- Tom Waits
More information about the gnhlug-discuss
mailing list