Network Traffic Monitoring

**cryingvalor** · 06-06-2007, 02:39 AM

Hey guys how does Network Traffic Monitoring works.

SirNtwrk · 06-13-2007, 12:39 PM

Monitoring works by listening to the traffic going across a network and copying this data into a montioring program like Ethereal (this can be downloaded for free if you want to give it a shot --> http://www.ethereal.com/download.html)

The trick here is that you have to have a network device that will support this. If you have an old style hub, you should be able to listen to all the traffic with no trouble. If you have a switch, you will need to have a switch that supports network monitoring. Most of the time these are higher end switches; not the 5 or 8 port ones people use at home. A switch port must be setup in promiscumous mode or set as monitor port (the terminology changes from switch to switch.) Switches by design will not show you all the traffic because they are designed not to. Setting up a monitor port copies all the traffic destine for any port (or the specified ports you want to monitor) to your monitor port. This should be the port your computer with the monitor software running is plugged into.

For example, if I want to monitor Internet traffic inbound and outbound in my network, I would set the port I am plugged into, port 6, to monitor the port the Internet traffic flows to, port 1, as the source of the monitor and my port as the destination. All packets going in or out of port 1 would be copied to my port and Ethereal will collect them and sort them out showing me the source and destination IP address, the protocol, and the size of each packet. I can run reports on this showing me where people are going.

Does that help?

**cryingvalor** · 06-13-2007, 11:03 PM

Yes it does thank you.... do you know any online tutorials about ethereal or any step by step tutorial about it?

06-06-2007, 02:39 AM	#1 (permalink)
cryingvalor TSF Enthusiast Join Date: Nov 2006 Posts: 510 OS: XP2,WIN03,UBUNTU,CentOS,Bayanihan,FEDORA 8	Network Traffic Monitoring Hey guys how does Network Traffic Monitoring works.

06-13-2007, 12:39 PM	#2 (permalink)
SirNtwrk Registered User Join Date: Aug 2005 Posts: 26 OS: Win XP SP2	Re: Network Traffic Monitoring Monitoring works by listening to the traffic going across a network and copying this data into a montioring program like Ethereal (this can be downloaded for free if you want to give it a shot --> http://www.ethereal.com/download.html) The trick here is that you have to have a network device that will support this. If you have an old style hub, you should be able to listen to all the traffic with no trouble. If you have a switch, you will need to have a switch that supports network monitoring. Most of the time these are higher end switches; not the 5 or 8 port ones people use at home. A switch port must be setup in promiscumous mode or set as monitor port (the terminology changes from switch to switch.) Switches by design will not show you all the traffic because they are designed not to. Setting up a monitor port copies all the traffic destine for any port (or the specified ports you want to monitor) to your monitor port. This should be the port your computer with the monitor software running is plugged into. For example, if I want to monitor Internet traffic inbound and outbound in my network, I would set the port I am plugged into, port 6, to monitor the port the Internet traffic flows to, port 1, as the source of the monitor and my port as the destination. All packets going in or out of port 1 would be copied to my port and Ethereal will collect them and sort them out showing me the source and destination IP address, the protocol, and the size of each packet. I can run reports on this showing me where people are going. Does that help?

06-13-2007, 11:03 PM	#3 (permalink)
cryingvalor TSF Enthusiast Join Date: Nov 2006 Posts: 510 OS: XP2,WIN03,UBUNTU,CentOS,Bayanihan,FEDORA 8	Re: Network Traffic Monitoring Yes it does thank you.... do you know any online tutorials about ethereal or any step by step tutorial about it?