Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

capturing traffic to and from a DC to any workstation

Status
Not open for further replies.
teknoguy

teknoguy

Technical User
Feb 1, 2001
182
CA
im trying to capture traffic going to and from the domain controller to all other computers in the network.
I want to run sniffer on a workstation to capture the data. but it seems i can only capture data going from the workstation(the one which sniffer is installed) to the DC. is there a setting in sniffer to allow this.
also all NICs are intel pro/100s.

thanks.
 
Sort by date Sort by votes
Your obviously plugged into a switch, hence why your only seeing your traffic!
To be able to do what you require;
1. Mirror the port of the DC onto the port connected to your sniffer.
2. Put a hub in line between the switch and DC, and connect your sniffer to the hub.
Both methods will reduce the connection speed to Half Duplex
Alf
 
Upvote 0 Downvote
how do i mirror the port of the DC? so your saying that i must do both methods 1 and 2 to accomplish what i want to do?

so your saying that its like this right now

switch
/ / DC workstation

and should be like this?

switch
/
/
hub----workstation
 
Upvote 0 Downvote
Yep.. toss a cheapo hub in the middle.. and make sure it's a hub. Linksys has been making a point of labeling switches as hubs.. same damn box just the switch has SNMP enabled on it. Useless for the sniffer folks. I found a Netgear for 20 bucks. I have 10/100s but I have not bought one yet.. no need at this point so far.

The mirror works on many but not all switches. The idea is that a *copy* of the traffic on a port or VLAN is *mirrored* to a second port that has the sniffer on it. You config so the traffic is only sent OUT and not back into the port so to avoid spanning tree issues and such.

MikeS Find me at
"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

waydown
  • Locked
  • Question
Is public address static or not
Replies
0
Views
183
waydown
waydown
Oleg11
  • Locked
  • Question
remote access to the computer
Replies
0
Views
118
Oleg11
Oleg11
mattm31
  • Locked
  • Question
Logon to DC from remote site
Replies
0
Views
102
mattm31
mattm31
shedlord2
  • Locked
  • Question
Best (simple) sniffer to use for detecting illegal filesharing on a network?
Replies
1
Views
156
fortunat
fortunat
dustbuster
  • Locked
  • Question
How to sever client connection based on timeout or bandwidth
Replies
0
Views
129
dustbuster
dustbuster

Part and Inventory Search

Sponsor

Back
Top