[geeks] monitoring traffic on my switched LAN
Micah R Ledbetter
vlack-lists at vlack.com
Sun Jun 10 08:34:15 CDT 2007
On Jun 6, 2007, at 16:16, Charles Shannon Hendrix wrote:
> I need to do traffic monitoring on my LAN.
> However, I use a 3Com SS 3300XM switch these days.
> On my old switch, I used the MDI port to sniff all LAN traffic using a
> hub, but this switch doesn't have one.
> It can do port mirroring, but only one port at a time. It doesn't
> an MDI connector, rather it uses a high-density connector to talk to
> other units in its "stack" family.
> It is supposed to support RMON and SNMP, but so far I've found no
> way to
> sniff traffic using either.
> Anyone know a trick I might try to get what I want?
On networks that you don't own, you can do ARP spoofing to become the
gateway machine, but since the network is yours, can you do the
sniffing on your router? (Obviously this will only catch traffic that
goes through the router to/from the internet, not all LAN traffic.)
If you want to catch *all* LAN traffic between each node, I'm not
actually sure... I think you could use ARP spoofing for that, by
telling the clients that they need to resolve to your sniffer machine
for *all* internal traffic, but you'd need a fatter pipe on your
snooping machine than your client machines if you wanted to handle
that at full speed. I could be talking out of my ass here, though.
More information about the geeks