On Sep 22, 2003, at 2:42 PM, Lee_Shackelford@xxxxxxxxxx wrote:
Good afternoon, ethereal users. I wish to pose a question about
electrical
connection to one's network. I have a workstation that connects
directly
to one port of a switch using a 100baseT ethernet with category 5
cable. I
have installed ethereal on an I.B.M. Thinkpad. I wish to
simultaneously
monitor transmissions from the switch to the workstation, and from the
workstation to the switch.
I.e., the workstation and the Thinkpad are separate machines?
How do I attach the Thinkpad? I believe that
the ethernet is wired for full duplex operation. If this is a question
that has been asked many times before, it is sufficient to inform me
of the
reference that addresses this issue, whether in print, or on the web
or on
Usenet.
The answer depends on the switch (and the answer might be "you can't"):
http://www.ethereal.com/faq.html#q5.1
If the Thinkpad has two 100-baseT interfaces, it might be possible,
with some OSes, to turn the Thinkpad into a "bridge", so that it passes
all traffic on an interface through to the other interface, in which
case you might be able to plug the Thinkpad into the switch and plug
the workstation into the Thinkpad, and sniff on one or the other of
those interfaces. I don't know any more than that, however (except
that the answer might be "possible on Linux, maybe on BSD, quite
possibly not on Windows).
Unfortunately, Endace:
http://www.endace.com/
don't appear to have any PC Card devices; otherwise, if the Thinkpad
were running Linux, you could possibly use that for passive sniffing
(if Ethereal were built with the current CVS version of libpcap, or if
you used their sniffer program and Ethereal 0.9.15, as 0.9.15 can read
Endace's capture files).