On Tue, 12 Oct 2004 07:39:39 -0500, Brian Wall <kc0iog at gmail.com> wrote:
> I have a box set up with Ethereal.  I need to monitor traffic on a
> network segment to find a chatty box (or several for all I know).  As
> luck would have it, the entire segment is a series of switches, so
> Ethereal doesn't tell me much when I plug it in.  I heard a rumor that
> I need to turn on something called "port replication" that steals all
> the traffic on a given segment and pumps it all to one port so
> Ethereal gives me some real stats.  Anyone have a HOWTO or some basic
> tips for doing such a thing?

If you find that you're not able to do port replication, another
possibility is to use a program called ettercap.  It uses ARP
poisoning to allow you to sniff traffic over switched networks.  I've
used it in the past for this purpose, and it works really well.  You
should find a place to test it first, though, as the ARP poisoning can
do some funky things to some networks.

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list
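
Added example (not part of the original post or of ettercap): ARP poisoning on a segment shows up in neighbor tables as IP addresses whose MAC suddenly changes and as one MAC answering for several IPs. The sketch below compares two snapshots, assuming the text format printed by Linux `ip neigh show`; the addresses are constructed sample data and the function names are hypothetical.

```python
import re

# Constructed sample data: two `ip neigh show` snapshots from a monitoring host.
BEFORE = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev eth0 lladdr 00:aa:bb:cc:dd:20 STALE
192.168.1.30 dev eth0 lladdr 00:aa:bb:cc:dd:30 REACHABLE
"""
AFTER = """\
192.168.1.1 dev eth0 lladdr 00:aa:bb:cc:dd:30 REACHABLE
192.168.1.20 dev eth0 lladdr 00:aa:bb:cc:dd:30 REACHABLE
192.168.1.30 dev eth0 lladdr 00:aa:bb:cc:dd:30 REACHABLE
192.168.1.40 dev eth0  FAILED
"""

# Only entries with a resolved link-layer address are of interest.
NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} for entries that carry an lladdr field."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(3).lower()
    return table

def changed_bindings(before, after):
    """IPs whose MAC differs between snapshots, as (ip, old_mac, new_mac)."""
    return sorted((ip, before[ip], mac) for ip, mac in after.items()
                  if ip in before and before[ip] != mac)

def shared_macs(table):
    """MACs claimed by more than one IP in a single snapshot: {mac: [ips]}."""
    by_mac = {}
    for ip, mac in table.items():
        by_mac.setdefault(mac, []).append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    old, new = parse_neigh(BEFORE), parse_neigh(AFTER)
    for ip, was, now in changed_bindings(old, new):
        print(f"ALERT {ip}: {was} -> {now}")
    for mac, ips in shared_macs(new).items():
        print(f"ALERT {mac} answers for {', '.join(ips)}")
```

Both checks are heuristics: a replaced network card changes a binding, and a router or proxy-ARP host can legitimately answer for several addresses, so alerts need a known-good baseline to compare against.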