Ethereal-users: Re: [Ethereal-users] Absolute beginner's question

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Thu, 23 Jan 2003 18:08:26 -0800

On Fri, Jan 24, 2003 at 12:34:52AM +0100, activeco@xxxxxxx wrote:
> Actually I needed a tool for only one task: to catch the NXDomain 
> requests (non existing domain names) from (part of) Internet, so I 
> thought Ethereal must be the best thing.
> 
> Now my basic question is can I sniff at all on Internet,

You can only sniff on the part of the Internet that

	1) passes through the machine on which you're running your
	   sniffer program (whether it's Ethereal or not)

or

	2) passes through a hub into which your machine is plugged.

"Hub" has to be a real hub, not a "switching hub" and definitely not a
switch (unless the switch supports "port mirroring" or whatever the
switch vendor calls it - I don't know what switches support it other
than Cisco Catalyst switches, don't know what vendors other than Cisco
call it, and don't know how to make the port into which your machine is
plugged a mirrored port; there's an Ethereal FAQ on this:

	http://www.ethereal.com/faq.html#q5.1

).  If it's a dual-speed hub, it'll work only if the traffic you're
trying to capture is running at the same speed as the network interface
on the machine that's doing the capturing.

> I have cable connection, Sitecom 4S broadband router with built-in 
> 4-port switch

Oh, dear.  You said the "s" word.

There's a switch in the broadband router, so traffic between the
Internet and the other computers won't get sent to your computer, and
you won't be able to see it while you're plugged into a port on that
router.

If the router has 4 Ethernet ports going in, and one Ethernet port going
out to the cable modem, you could get a 4-port hub, plug the router's
outgoing Ethernet port into one port of the hub, plug the cable modem
into another port of the hub, and plug your Ethereal machine into a
third port of the hub; you won't be able to go through the router to get
to the Internet on that machine, but you should be able to watch traffic
between the router and the Internet.
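
Once the capture machine sits where it can see the traffic, as described above, picking out the NXDomain answers the original poster wanted comes down to the RCODE field in the DNS header (value 3, "Name Error", in RFC 1035). The following is an added example, not code from this thread or from Ethereal; the function names (`build_response`, `parse_qname`, `nxdomain_name`, `scan`) are hypothetical and the payloads are constructed sample data rather than captured traffic.

```python
import struct

NXDOMAIN = 3  # RCODE "Name Error" (RFC 1035, section 4.1.1)

def build_response(txid, qname, rcode):
    """Construct a minimal DNS response payload (sample data for this example)."""
    flags = 0x8180 | rcode          # QR=1 (response), RD=1, RA=1, plus RCODE
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_qname(payload, offset=12):
    """Read the uncompressed name in the question section; None if malformed."""
    labels = []
    while offset < len(payload):
        length = payload[offset]
        if length == 0:
            return ".".join(labels)
        if length > 63 or offset + 1 + length > len(payload):
            return None             # compression pointer or truncated label
        labels.append(payload[offset + 1:offset + 1 + length].decode("ascii", "replace"))
        offset += 1 + length
    return None                     # ran off the end without a terminating zero

def nxdomain_name(payload):
    """Return the queried name if payload is an NXDOMAIN response, else None."""
    if len(payload) < 12:
        return None                 # shorter than a DNS header
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    is_response = bool(flags & 0x8000)
    if not is_response or (flags & 0x000F) != NXDOMAIN or qdcount < 1:
        return None
    return parse_qname(payload)

# Constructed sample payloads (the data of UDP port 53 datagrams).
SAMPLES = [
    build_response(0x1A2B, "no-such-host.example", NXDOMAIN),
    build_response(0x1A2C, "www.example.com", 0),               # NOERROR
    build_response(0x1A2D, "typo.example.org", NXDOMAIN)[:20],  # cut off mid-name
    b"\x00\x01",                                                # runt datagram
]

def scan(payloads):
    """Names from every well-formed NXDOMAIN response in payloads."""
    return [name for name in map(nxdomain_name, payloads) if name is not None]

if __name__ == "__main__":
    for name in scan(SAMPLES):
        print("NXDOMAIN:", name)
```
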