when last we saw our hero (Tuesday, Oct 12, 2004), Brian Wall was madly tapping out: > I have a box set up with Ethereal. I need to monitor traffic on a > network segement to find a chatty box (or several for all I know). > As luck would have it, the entire segment is a series of switches, > so Ethereal doesn't tell me much when I plug it in. I heard a rumor > that I need to turn on something called "port replication" that > steals all the traffic on a given segment and pumps it all to one > port so Ethereal gives me some real stats. Anyone have a HOWTO or > some basic tips for doing such a thing? > if you have managed switches you simply need to configure the port to mirror the traffic to the port that your sniffer is attached to. if you're running a cisco switch you use the 'port monitor <interface>' command on the sniffer interface. e.g.: on a 6500 running native mode ! int g6/1 port monitor fa1/21 port monitor fa1/22 port monitor fa1/23 port monitor fa1/24 port monitor VLAN100 ! the syntax is different if you're running catos. you use the 'set span <src int> <dest int>' command. -- steve ulrich sulrich at botwerks.org PGP: 8D0B 0EE9 E700 A6CF ABA7 AE5F 4FD4 07C9 133B FAFC _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota Help beta test TCLUG's potential new home: http://plone.mn-linux.org Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list