On Tue, 12 Oct 2004, Brian Wall wrote:

> I have a box set up with Ethereal. I need to monitor traffic on a
> network segment to find a chatty box (or several for all I know). As
> luck would have it, the entire segment is a series of switches, so
> Ethereal doesn't tell me much when I plug it in. I heard a rumor that
> I need to turn on something called "port replication" that steals all
> the traffic on a given segment and pumps it all to one port so
> Ethereal gives me some real stats. Anyone have a HOWTO or some basic
> tips for doing such a thing?
>

Not all switches support this - typically only higher-end, managed
switches (like Procurve and crisco). In the cisco world the command is
"port-monitor <blah>". I'm more than happy to help privately, if you
have a cisco. This can get slightly more complicated if you have VLANs
or trunked ports.

If you just need to narrow down which machine is "chatty" - you might
have more luck getting SNMP stats from the switches and graphing all of
the ports with MRTG.

If there's a router involved, and you suspect the "bad" traffic isn't
all local, you can possibly get some info from the router. If the
router is cisco, look into "ip accounting" and flow switching.

Once you narrow it down to a particular machine, you can set up an
appropriate access-list, and get some packet dumps.

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list
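
The SNMP approach suggested in the reply above, as an added example that is not part of the original post: it ranks switch ports by traffic from two polls of the IF-MIB octet counters, including the Counter32 rollover case. The poll text, interval and function names are constructed for illustration.

```python
import re

# Constructed sample data: two snmpwalk-style polls of one switch taken
# INTERVAL seconds apart (net-snmp output format, values invented).
INTERVAL = 60
POLL_1 = """\
IF-MIB::ifInOctets.1 = Counter32: 1200000
IF-MIB::ifInOctets.2 = Counter32: 4294900000
IF-MIB::ifInOctets.3 = Counter32: 50000
IF-MIB::ifOutOctets.1 = Counter32: 900000
IF-MIB::ifOutOctets.2 = Counter32: 3000000
IF-MIB::ifOutOctets.3 = Counter32: 70000
"""
POLL_2 = """\
IF-MIB::ifInOctets.1 = Counter32: 1500000
IF-MIB::ifInOctets.2 = Counter32: 600000000
IF-MIB::ifInOctets.3 = Counter32: 56000
IF-MIB::ifOutOctets.1 = Counter32: 1080000
IF-MIB::ifOutOctets.2 = Counter32: 9000000
IF-MIB::ifOutOctets.3 = Counter32: 73000
"""

LINE = re.compile(r"IF-MIB::if(In|Out)Octets\.(\d+) = Counter32: (\d+)")
WRAP = 2 ** 32  # Counter32 rolls over to 0 after 2^32 - 1


def parse(poll):
    """Return {(direction, ifIndex): octets} from snmpwalk-style text."""
    return {(m.group(1), int(m.group(2))): int(m.group(3))
            for m in LINE.finditer(poll)}


def port_rates(first, second, interval):
    """Bits per second per port (in + out), highest first."""
    a, b = parse(first), parse(second)
    totals = {}
    for key in a.keys() & b.keys():
        # Modulo handles a single counter wrap between the two polls.
        delta = (b[key] - a[key]) % WRAP
        totals[key[1]] = totals.get(key[1], 0) + delta
    rates = {port: octets * 8 // interval for port, octets in totals.items()}
    return sorted(rates.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for port, bps in port_rates(POLL_1, POLL_2, INTERVAL):
        print(f"port {port}: {bps} bit/s")
```

A 32-bit counter can wrap more than once between polls on a fast link, so keep the polling interval short or read the 64-bit ifHCInOctets/ifHCOutOctets counters where the switch provides them.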