looking at the network traffic

looking at the network traffic

[Luca Ferrari]

Hi,
using program such as ethereal, tcpdump, etc. is it possible to see the 
network traffic also if the hosts are connected thru a switch? I mean, if 
A,B,C, are on the same network, connected with a switch, can A see the 
traffic among B and C? I suppose no, since the switch should route the 
traffic to the right host directly (while an hub should not), and the only 
thing I can see should be message broadcasts and something similar. Is it 
right? Is there a way to observe the traffic over a network even if there are 
switches?
I don't want to break user's privacy, but since I'm developing  a program 
which should connect to a peer-to-peer client, and I don't have protocol 
specifications, I was wondering about a traffic dump of a session among two 
users. Nevertheless I was unable due to (I suppose) the switch.

Thanks,
Luca

-- 
Luca Ferrari,
fluca1978@virgilio.it

Re: looking at the network traffic

[Chris DiTrani]

On Fri, 2004-06-25 at 10:52, Luca Ferrari wrote:
> Hi,
> using program such as ethereal, tcpdump, etc. is it possible to see the 
> network traffic also if the hosts are connected thru a switch? I mean, if 
> A,B,C, are on the same network, connected with a switch, can A see the 
> traffic among B and C? I suppose no, since the switch should route the 
> traffic to the right host directly (while an hub should not), and the only 
> thing I can see should be message broadcasts and something similar. Is it 
> right? Is there a way to observe the traffic over a network even if there are 
> switches?
> I don't want to break user's privacy, but since I'm developing  a program 
> which should connect to a peer-to-peer client, and I don't have protocol 
> specifications, I was wondering about a traffic dump of a session among two 
> users. Nevertheless I was unable due to (I suppose) the switch.

You are correct, but if you have a managed switch it can likely be set
up with a port seeing all/selected port traffic ('port' in this context
being a physical port on the switch).

CD

Re: looking at the network traffic

[Ahsan Ali]

You can use managed switches to mirror traffic from a port to a
monitoring port on managed switches.

You can also use utilities such as macof or angst
[http://freshmeat.net/projects/angst/] (not tested by me myself) to
flood the switch databases and make switches forward traffic out on
all ports so you can capture network traffic.

On 25 Jun 2004 11:27:09 -0400, Chris DiTrani <chris@livedata.com> wrote:
> 
> On Fri, 2004-06-25 at 10:52, Luca Ferrari wrote:
> > Hi,
> > using program such as ethereal, tcpdump, etc. is it possible to see the
> > network traffic also if the hosts are connected thru a switch? I mean, if
> > A,B,C, are on the same network, connected with a switch, can A see the
> > traffic among B and C? I suppose no, since the switch should route the
> > traffic to the right host directly (while an hub should not), and the only
> > thing I can see should be message broadcasts and something similar. Is it
> > right? Is there a way to observe the traffic over a network even if there are
> > switches?
> > I don't want to break user's privacy, but since I'm developing  a program
> > which should connect to a peer-to-peer client, and I don't have protocol
> > specifications, I was wondering about a traffic dump of a session among two
> > users. Nevertheless I was unable due to (I suppose) the switch.
> 
> You are correct, but if you have a managed switch it can likely be set
> up with a port seeing all/selected port traffic ('port' in this context
> being a physical port on the switch).
> 
> CD