looking at the network traffic

Hi,
using program such as ethereal, tcpdump, etc. is it possible to see the
network traffic also if the hosts are connected thru a switch? I mean, if
A,B,C, are on the same network, connected with a switch, can A see the
traffic among B and C? I suppose no, since the switch should route the
traffic to the right host directly (while an hub should not), and the only
thing I can see should be message broadcasts and something similar. Is it
right? Is there a way to observe the traffic over a network even if there are
switches?
I don't want to break user's privacy, but since I'm developing a program
which should connect to a peer-to-peer client, and I don't have protocol
specifications, I was wondering about a traffic dump of a session among two
users. Nevertheless I was unable due to (I suppose) the switch.

Thanks,
Luca

--
Luca Ferrari,
fluca1978@virgilio.it
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: looking at the network traffic

On Fri, 2004-06-25 at 10:52, Luca Ferrari wrote:
> Hi,
> using program such as ethereal, tcpdump, etc. is it possible to see the
> network traffic also if the hosts are connected thru a switch? I mean, if
> A,B,C, are on the same network, connected with a switch, can A see the
> traffic among B and C? I suppose no, since the switch should route the
> traffic to the right host directly (while an hub should not), and the only
> thing I can see should be message broadcasts and something similar. Is it
> right? Is there a way to observe the traffic over a network even if there are
> switches?
> I don't want to break user's privacy, but since I'm developing a program
> which should connect to a peer-to-peer client, and I don't have protocol
> specifications, I was wondering about a traffic dump of a session among two
> users. Nevertheless I was unable due to (I suppose) the switch.

You are correct, but if you have a managed switch it can likely be set
up with a port seeing all/selected port traffic ('port' in this context
being a physical port on the switch).

CD

-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: looking at the network traffic

You can use managed switches to mirror traffic from a port to a
monitoring port on managed switches.

You can also use utilities such as macof or angst
[http://freshmeat.net/projects/angst/] (not tested by me myself) to
flood the switch databases and make switches forward traffic out on
all ports so you can capture network traffic.

On 25 Jun 2004 11:27:09 -0400, Chris DiTrani wrote:
>
> On Fri, 2004-06-25 at 10:52, Luca Ferrari wrote:
> > Hi,
> > using program such as ethereal, tcpdump, etc. is it possible to see the
> > network traffic also if the hosts are connected thru a switch? I mean, if
> > A,B,C, are on the same network, connected with a switch, can A see the
> > traffic among B and C? I suppose no, since the switch should route the
> > traffic to the right host directly (while an hub should not), and the only
> > thing I can see should be message broadcasts and something similar. Is it
> > right? Is there a way to observe the traffic over a network even if there are
> > switches?
> > I don't want to break user's privacy, but since I'm developing a program
> > which should connect to a peer-to-peer client, and I don't have protocol
> > specifications, I was wondering about a traffic dump of a session among two
> > users. Nevertheless I was unable due to (I suppose) the switch.
>
> You are correct, but if you have a managed switch it can likely be set
> up with a port seeing all/selected port traffic ('port' in this context
> being a physical port on the switch).
>
> CD
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html