Full Disclosure mailing list archives

How do you sniff your LAN subnet in nowadays switched networks?


From: Maxim Vexler <hq4ever () gmail com>
Date: Sat, 26 Nov 2005 11:24:42 +0200

Hello FD,

Recently one of our offices started to experience a significant packet
loss ratio and was having trouble browsing the web. The network
infrastructure is very simple[1] - it's a remote office connected to
the Internet. The suspicion reduced to a number of possible causes,
one of them is an infected machine that is causing noise on that
subnet. As an attempt to locate that machine I tried to use a sniffer
in promiscuous mode to listen to the network.
The problem is that the office (like the rest of the world today) uses
a switch in its cable closet. So, for the sake of a successful
sniffing I will be forced to temporarily replace this switch with my
trusty hub the next time I get a chance to go there.

In the meantime I would like to ask you if any testing can be made to
locate a noisy machine on a subnet that is connected with a switch?

Another aspect of this issue is this: I disconnected some machines
from the network, which seems to provide some improvements in the
response times, but I still don't know the cause of the problem. I
tried to locate some "noise stress testing" tool to run on one of the
machines so that I can simulate the noise to see if that will have any
effect on the response times, but oddly enough I wasn't able to find
any decent ones that would actually work - your advice on the subject
would be much appreciated.

Thank you for reading.
Blessings to all.

[1] : What they have is : ((clients)) --->>> [hp switch] -_-> [router]
-_-> [adsl modem] -> {{{ Internet }}}

--
Cheers,
Maxim Vexler (hq4ever).

Do u GNU ?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/