Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Sniffing on my lan HELP

Sniffing on my lan HELP

Sniffing on my lan HELP

he i have been looking into ways to monitor my lan in order to keep it running fast and to see who is misusing it or slowing it down. my network looks like this.

i would like to what bandwidth each computer is using. what their traffic is ie. what websites they view. Warnings if my ping get to high and any other good network monitoring tools.

i am not completely sure how to go about doing this. from what i understand because i have a switch i am going to have to do some trickery to be able to see the traffic. something along the lines of ARP poisoning.

i am looking for someone to point me in the right direction and any other helpful hints.


RE: Sniffing on my lan HELP


Looking at your diagram, you might have some difficulty in instrumenting a network analysers (be it a freebee like wireshark on a laptop, or something more sophisticated like a netscout infinistream.

You've got two options, SPAN and TAP.

SPANS (sometimes called mirror ports) are types of ports on switches that can send a copy of data on a port to another port for monitoring, most CISCO and HP switches allow this.

TAPS are effectivly the physical equivilent of spans. e.g. http://www.nxtera.co.uk/Solutions/Gigamon.aspx

Once you have got instrumented its a case of capturing. You can use wireshark with your NIC set to promiscuous mode to see data, better still look at a network analyser with a disk drive -> the difficulty is often recreating an issue or timing your capture to get the 1/2 second burst that tells you what the problem is. Something like an infinistream http://www.nxtera.co.uk/Solutions/NetScout/Infinistream.aspx will help you do this. These tend to be fairly expensive, but will cut your investigation times significatly.

Final option, you could get some proffessional services, these guys are very good and use netscout hardware to diagnose faults.

Good luck

The OSS Guy

RE: Sniffing on my lan HELP

What Cisco switches are you using, is there a spare point on each for SPANning?

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close