Ethereal-users: Re: [Ethereal-users] corporate analyze

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "David Bremer" <DAVEB@xxxxxxxxxxxxxx>
Date: Wed, 26 May 2004 13:13:14 +1200
Any packet sniffer can only analyze packets that are actually sent down the wire in its direction. So - in a switched environment you will normally only "see" packets that are either destined for your device or are broadcast/multicast.

If you want to capture all traffic in your network, assuming it's hierarchical, then one method is to put the packet sniffer in the core of the network.

Alternatively, you can configure switches so that one port is sent all of the traffic - called "port mirroring" (although I've heard some vendors use different terms). In this mode the switch will send ALL traffic to the mirrored port in addition to the port that is the actual destination - in which case you get all traffic. Be careful - this could be considerable. See http://www.inmon.com/help/sp/5.0/configure/portmirroring.htm for concept. 

Cisco have "switch port analyzer" settings for this kind of thing - see http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a0080121d34.html - I haven't used it so am just going from their documentation that it does what you're after. Consult the docs for your own brand of switch.

Or ... use a hub ;-)


Hope this helps some

Dave

>>> ali.behzadipour@xxxxxxxxxxx 25/05/04 20:08:20 >>>
Dear Sirs

It seems that with Ethereal we can only analyze the machine on which the
program has been installed. Is there any possibility to perform
the task in a corporate manner in which other machines can be analyzed
remotely from a single point?

BR.

Ali Behzadipour
Siemens
Information Security Officer
Tel:  +98 21 6144210
Fax: +98 21 6402294
Mail to: ali.behzadipour@xxxxxxxxxxx