"Dave" wrote:
>
> "markm75" <(E-Mail Removed)> wrote in message
> news:98C5E28F-25CD-40E9-ABD1-(E-Mail Removed)...
> >
> >
> > "Dave" wrote:
> >
> >>
> >> "markm75" <(E-Mail Removed)> wrote in message
> >> news:CE3EF95E-E28A-42FE-9649-(E-Mail Removed)...
> >> >
> >> >
> >> > "Dave" wrote:
> >> >
> >> >>
> >> >> "markm75" <(E-Mail Removed)> wrote in message
> >> >> news:A6ACD23E-5FB5-4BA4-A3F9-(E-Mail Removed)...
> >> >> > I'm trying to trace down some sluggishness in our network and see
> >> >> > what
> >> >> > ports
> >> >> > are in use and activity etc.. using Ethereal and other tools..
> >> >> >
> >> >> > Is it true.. that the best way is to plug a laptop into a hub (vs a
> >> >> > switch),
> >> >> > which actually would sit outside the firewall.. in between the
> >> >> > router
> >> >> > and
> >> >> > the
> >> >> > cable modem (internet)?
> >> >> >
> >> >> > Thanks for any info..
> >> >>
> >> >> well, it depends.... if the external network connection is slow then
> >> >> this
> >> >> is
> >> >> the likely place to start. if the internal network is slow then this
> >> >> won't
> >> >> help as you need to watch machine to machine traffic on the lan that
> >> >> won't
> >> >> show up outside the router.
> >> >>
> >> >>
> >> >>
> >> >
> >> > But does it matter if its a switch or a hub?
> >> >
> >> > In my case we had one user who was causing our internet connection to
> >> > slow
> >> > down to 300ms in ping times.. i was able to trace the problem to them
> >> > by
> >> > putting the laptop in front of the router.. but by the same token.. i
> >> > think
> >> > the software captures the same data if behind the router and on a
> >> > switch
> >> > (not
> >> > sure if a hub is needed or if so why)?
> >> >
> >> >
> >> a switch only sends a machine packets that are meant for it, or broadcast
> >> packets meant for the whole network. so if the sniffer is on a switch
> >> port
> >> it won't see the other machine's traffic. a hub sends everything to
> >> every
> >> port that is connected. so putting a hub between the modem and router is
> >> the only way to monitor internet traffic for all the machines.
> >>
> >> it won't let you monitor internal lan traffic between machines or servers
> >> on
> >> your lan since the router will keep them inside and not send them to the
> >> internet connection.
> >>
> >>
> >>
> >
> > I understand this a bit clearer.. but still confused on how apps like
> > Ethereal are able to capture traffic when i'm running it say on the main
> > switch (from my desktop) in our LAN.. i can see multiple machine's traffic
> > and external ports it is using.. like say if someone is using a bitorrent
> > tool.. those ports appear.. even on the switch..
> >
> > Or for that matter.. a program like the network monitor with SMS which can
> > capture all traffic.. that server is on a switch as well...
> >
> >
>
> are you sure that its really a switch? not all routers have switches built
> in, some have hubs that would let you see all the traffic.
>
>
>
Yep.. they are Dlink DGS-1248T gigabit switches, 3 of em.. sitting behind
the router..
Or perhaps i'm just catching outbound traffic and not client to client..
when sitting on the switch.
|
Similar Threads
Linear Mode
