Date: Wed, 21 Jul 1999 00:43:29 -0700 (PDT) From: Jaye Mathisen <mrcpu@internetcds.com> To: Matthew Dillon <dillon@apollo.backplane.com> Cc: Modred <modred@ns1.antisocial.net>, Vincent Poy <vince@venus.GAIANET.NET>, sthaug@nethelp.no, leifn@neland.dk, freebsd-hackers@FreeBSD.ORG Subject: Re: poor ethernet performance? Message-ID: <Pine.BSF.4.10.9907210040400.16718-100000@schizo.cdsnet.net> In-Reply-To: <199907210733.AAA25177@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 21 Jul 1999, Matthew Dillon wrote: > :Perhaps I'm missing something obvious, but since switches forward packets > :selectively per port, I would think it would be hard to sniff packets on > :any port, w/o administrative access to the switch to tell it to mirror > :data to a different port. > : > :ie, if I'm plugged into port 1, I can't see traffic on a switch on port 2 > :except for broadcast traffic... > > The switch routes traffic based on its ARP cache. While you cannot > easily monitor another port's traffic, you can take over its MAC address > and steal its traffic. Well, this is waaaay past the trivial part. It certainly seems that you would have to have a lot of information from another source to be able to do this. I guess I'll I'm saying is that if you have a switch sitting there, and you're plugged into it, you're not going to be able to just fire up tcpdump and see much more than ethernet broadcasts, and IP broadcast traffic, and of course, traffic from and to your port... At least, not w/o what appears to be mucho work. And back to your regularly scheduled -hackers... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9907210040400.16718-100000>