At Thursday 07:35 AM 8/17/00, Darren Kara wrote:
>Thanks,
>
> I took care of the parser error. Now though when I do get a capture, all I
>see is LLC trafic.
>
> I am plugged directly into a bay 350T switch with no vlan, it's basically
>acting as a hub. I have a half dozen boxes hanging off of it, as well as
>two port connected to routers. I should be seeing more trafic than this. I
>thought when you put you eth into promiscuous mode that it picked up all
>trafic on the same segment?
A switch is a switch by any other name. The fact that you have no VLAN
configured doesn't change this. There is a monitoring facility in these
switches, that permits you to replicate traffic in/out of a maximum of
2 ports - pretty lame, given that one can sniff an entire VLAN with
the SPAN facility in Cisco Catalysts. Log into the switch in read-write
mode, go to
SwitchConfiguration->PortMirroringConfiguration and select the
mode you want (<->X AND Y <->) is probably what you want, define
the monitor port that has the machine with Ethereal on it, then
define the X and Y ports you wish to monitor.
I used to have some 350T's here, but they tend to fail with a garden-variety
of causes, and Bay/Nortel basically wants to charge an arm and a leg to repair
them (I had 3 out of 4 units crap out on me in a little more than 12 months,
one failing to do IP MC port pruning, another hanging when more than
20Mbps went through a single port, and a third one conveniently stopping
to respond to any traffic sent to it's IP address: then I decided to spend
4 times the dollars/port for Cisco 29xx's, which actually work as advertised).
Naturally, I'd think that ARIN's budget would allow for more than these
crappy Bay/Nortel switches :) I just truly hope that the whois.arin.net
server doesn't hang off this junk.
bye,Kai
