Monday, October 13, 2008

How to Deploy a Packet Sniffer

colasoft logoBefore we can analyze and monitor a network with a packet sniffer, we must make sure the packet sniffer is correctly deployed at the right place, so that we can capture all the traffic running in and out. The installation of a packet sniffer is easy, it is always a good idea to install a packet sniffer on a laptop, so that the laptop can be shifted around to troubleshoot different network segments. This article will discuss how to deploy a packet sniffer based on the different network device that is used.

How to Deploy a Packet Sniffer in a Switched Network

Switch is a network device working on the Data Link Layer of OSI. Switch can learn the physical addresses and save these addresses in its ARP table. When a packet is sent to switch, switch will check the packet’s destination address from its ARP table and then send the packet to the corresponding port.

Condition 1: Manageable Switch

Generally all three-layer switches and partial two-layer switches are manageable; the traffic going through other ports of the switch can be captured from the debugging port (mirror port/span port) on the core chip. To analyze the traffic going through all ports, we should deploy a packet sniffer at this debugging port (mirror port/span port). In a manageable switch network environment, we should deploy a packet sniffer like this:

packet
Condition 2: Unmanageable Switch

If our switch has no management function, we can connect a tap with the line to be monitored. Taps can be flexibly placed on any line in network. When requiring high network performance, we can add a tap to our network. In an unmanageable switch network environment, we should deploy a packet sniffer like this:



How to Deploy a Packet Sniffer in a Hubbed Network

A hubbed network is also known as shared network which is connected with a hub. In a hubbed environment, packet sniffer can be installed on any host in LAN. The entire network data transmitted through the Hub will be captured, including the communication between any two hosts in LAN, because when a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets. In a hubbed network, we should deploy a packet sniffer as shown below:

packet sniffer deployment1
Posted by Kevin Zhou
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
Colasoft Capsa is an easy-to-use packet sniffer for network monitoring and troubleshooting. It performs real-time packet capturing, 24/7 network monitoring, advanced protocol analyzing, in-depth packet decoding, and automatic expert diagnosing. By giving you insights into all of your network's operations, Capsa makes it easy to isolate and solve network problems, identify network bottleneck and bandwidth use, and detect network vulnerabilities.
 
Free counter and web stats