Security Basics mailing list archives

Re: RES: Sniffer - How's the best way to deploy ?


From: Lukasz Szmit <lukasz.szmit () ucd ie>
Date: Wed, 12 Jul 2006 16:29:20 +0100

On Wed, 2006-07-12 at 10:21 -0300, Ricardo Perin wrote:
> I'm not sure if Ethereal supports PLC networks, I think not.

If PLC in this case stands for Programmable Logic Controller, then I
think the latest stable version of Ethereal has support for this sort of
traffic. I've never used it though.

> Some switches have a port called PROBE PORT that is used exactly for this.
> All the traffic in the network passes through it. I don't know if Cisco
> calls this port by another name, but....

Cisco call it a SPAN (Switched Port ANalyzer) port or a session monitor
port. Casually it's referred to as a spanned port. The 2955 does support
it: http://www.cisco.com/warp/public/473/41.html#support

Here's how to do it:
http://www.cisco.com/warp/public/473/41.html#topic5

If you want to use the monitoring PC on the network, while running a
packet capture on the spanned port at the same time, then - as Francois
already mentioned - you would indeed need two NICs. Otherwise one will
suffice.

regards,
-- 
Lukasz Szmit
University College Dublin

