[Sunhelp] About snoop

Richard.Worwood at dti.gsi.gov.uk Richard.Worwood at dti.gsi.gov.uk
Fri Oct 13 08:31:11 CDT 2000


This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C03519.D9C78500
Content-Type: text/plain

On most switched environments this is acknowledged and there is a facility
to enable you to span into the entire vlan or look at specific ports. I know
on Cisco Cat 5000's the command is as follows:
Usage: set span enable
       set span disable
       set span <src_mod/src_ports...> <dest_mod/dest_port> [rx|tx|both]
       set span <src_vlan> <dest_mod/dest_port> [rx|tx|both]


> Richard Worwood
> Unitas
> 
> * Office:	020 7215 3693
> * Mobile:	07771 662880
> * Fax:	08701 698423
> * Email:	richard.worwood at dti.gsi.gov.uk


-----Original Message-----
From: Dale Ghent [mailto:daleg at elemental.org]
Sent: 13 October 2000 14:09
To: sunhelp at sunhelp.org
Subject: Re: [Sunhelp] About snoop


On Fri, 13 Oct 2000, John Lee wrote:

| Hello,
| 
| As you know, snoop is very useful tool in troubleshooting. But it has
| limitation when used in a switched network. My question is " Are there any
| other sniffer tools to address the snoop's limitation ?"

Not being able to see all traffic on a switched network is hardly a
limitation of snoop. Snoop puts your machine's interface into 
promiscuous mode, and thus it'll see every packet, but only every packet
that the switch sends down the wire to your machine. Thus there is no way
for snoop itself to see the traffic on all the other switch ports, unless
you configure your switch to send all traffic to your machine.

/dale

_______________________________________________
SunHELP maillist  -  SunHELP at sunhelp.org
http://www.sunhelp.org/mailman/listinfo/sunhelp

------_=_NextPart_001_01C03519.D9C78500
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3DUS-ASCII">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2651.75">
<TITLE>RE: [Sunhelp] About snoop</TITLE>
</HEAD>
<BODY>

<P><FONT SIZE=3D2>On most switched environments this is acknowledged =
and there is a facility to enable you to span into the entire vlan or =
look at specific ports. I know on Cisco Cat 5000's the command is as =
follows:</FONT></P>

<P><FONT SIZE=3D2>Usage: set span enable</FONT>
<BR><FONT SIZE=3D2>       set span =
disable</FONT>
<BR><FONT SIZE=3D2>       set span =
<src_mod/src_ports...> <dest_mod/dest_port> =
[rx|tx|both]</FONT>
<BR><FONT SIZE=3D2>       set span =
<src_vlan> <dest_mod/dest_port> [rx|tx|both]</FONT>
</P>
<BR>

<P><FONT SIZE=3D2>> Richard Worwood</FONT>
<BR><FONT SIZE=3D2>> Unitas</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> * Office:     020 7215 =
3693</FONT>
<BR><FONT SIZE=3D2>> * Mobile:     07771 =
662880</FONT>
<BR><FONT SIZE=3D2>> * =
Fax:        08701 698423</FONT>
<BR><FONT SIZE=3D2>> * Email:      =
richard.worwood at dti.gsi.gov.uk</FONT>
</P>
<BR>

<P><FONT SIZE=3D2>-----Original Message-----</FONT>
<BR><FONT SIZE=3D2>From: Dale Ghent [<A =
HREF=3D"mailto:daleg at elemental.org">mailto:daleg at elemental.org</A>]</FON=
T>
<BR><FONT SIZE=3D2>Sent: 13 October 2000 14:09</FONT>
<BR><FONT SIZE=3D2>To: sunhelp at sunhelp.org</FONT>
<BR><FONT SIZE=3D2>Subject: Re: [Sunhelp] About snoop</FONT>
</P>
<BR>

<P><FONT SIZE=3D2>On Fri, 13 Oct 2000, John Lee wrote:</FONT>
</P>

<P><FONT SIZE=3D2>| Hello,</FONT>
<BR><FONT SIZE=3D2>| </FONT>
<BR><FONT SIZE=3D2>| As you know, snoop is very useful tool in =
troubleshooting. But it has</FONT>
<BR><FONT SIZE=3D2>| limitation when used in a switched network. My =
question is " Are there any</FONT>
<BR><FONT SIZE=3D2>| other sniffer tools to address the snoop's =
limitation ?"</FONT>
</P>

<P><FONT SIZE=3D2>Not being able to see all traffic on a switched =
network is hardly a</FONT>
<BR><FONT SIZE=3D2>limitation of snoop. Snoop puts your machine's =
interface into </FONT>
<BR><FONT SIZE=3D2>promiscuous mode, and thus it'll see every packet, =
but only every packet</FONT>
<BR><FONT SIZE=3D2>that the switch sends down the wire to your machine. =
Thus there is no way</FONT>
<BR><FONT SIZE=3D2>for snoop itself to see the traffic on all the other =
switch ports, unless</FONT>
<BR><FONT SIZE=3D2>you configure your switch to send all traffic to =
your machine.</FONT>
</P>

<P><FONT SIZE=3D2>/dale</FONT>
</P>

<P><FONT =
SIZE=3D2>_______________________________________________</FONT>
<BR><FONT SIZE=3D2>SunHELP maillist  -  =
SunHELP at sunhelp.org</FONT>
<BR><FONT SIZE=3D2><A =
HREF=3D"http://www.sunhelp.org/mailman/listinfo/sunhelp" =
TARGET=3D"_blank">http://www.sunhelp.org/mailman/listinfo/sunhelp</A></F=
ONT>
</P>

</BODY>
</HTML>
------_=_NextPart_001_01C03519.D9C78500--





More information about the SunHELP mailing list