Ethereal-users: [Ethereal-users] Full Duplex Passive Sniffing

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Crowe, Graham GP" <Graham.Crowe@xxxxxxxxxxxx>
Date: Fri, 16 May 2003 17:05:57 +1000
I am trying to passively sniff a 100Mb full duplex ethernet (without disturbing the signal in any way, setting up as a bridge is not acceptable as it dramatically alters the problem I am trying to solve (I have already tried it)), I had a look through the archives and there are some posts about this, basically using two ethernet cards and connecting one to sniff traffic going one way and the other for the other way.
 
I did not see any explanation on how to do this, I am guessing that if I wire the TX pair from device A into the RX pair of device B and also into the RX on the first sniffer card, and then wire the TX from B into RX of A and RX on the second sniffer card, then I will probably get errors due to signal reflections and interference where the signal is split.
 
I have thought of using two hubs to split the two signals, but I am not sure how that will work with things like the link pulses, and the Speed / Duplex autonegotiation information as to do this the hub would be receiving data from a port where there is no TX pair connected, and transmitting where there is no RX pair connected.
 
Has anyone actually done this? If so, how?
 
 
 
Also, I would like to monitor the link pulses, the Speed / Duplex autonegotiation, and the packets that were discarded by the NIC at hardware level due to various errors (runt, jabber, alignment, CRC, etc... Even when there is no "start frame delimiter" after the preamble). Basically any time any sort of carrier is detected on the wire I would like it logged with a time that I can match up with other packets in the ethereal capture. I am having difficulty locating equipment to do this, and if there is a relatively cheap way of doing this with linux then I would like to try it. Also, if there is a relatively expensive way of doing it then I would like to know about that too.
 
 
 
Thank you
 
Graham Crowe
Electrical Engineer
BHP Steel

EOM


NOTICE - This message and any attached files may contain information that is confidential and/or subject of legal privilege intended only for use by the intended recipient. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, be advised that you have received this message in error and that any dissemination, copying or use of this message or attachment is strictly forbidden, as is the disclosure of the information therein. If you have received this message in error please notify the sender immediately and delete the message.