I’m learning how to use a protocol analyzer to resolve different problems on our network. Our net is a hodge-podge of equipment; some parts are still using hubs and others are using more up-to-date Ethernet switches. Which is the best way to connect a protocol analyzer to an Ethernet network in order to “sniff” the packets on the wire?

– Via the Internet

The best way to connect to a network to analyze the packets depends in great part on the kind of equipment you have available. In earlier days of networking, the answer was simple – just plug into a hub and you were ready to go. With Ethernet switches today, the answer starts to become “It depends.” By design, most switches won’t allow you to see the traffic from a server destined for a workstation other than the one you’re at. Seeing that traffic is possible, but it requires something called port mirroring, where you copy the traffic destined for one port on the switch in question to another port.

There are two types of switches – unmanageable and manageable. Unmanageable switches are cheaper than their manageable counterparts and generally lack the ability to do port mirroring. A switch that says it is manageable may do little more than support SNMP and still may not let you do port mirroring. This is an important item to clarify when you buy additional switches for your network.

If your switches don’t support port mirroring, you still have a couple of options. It is possible in most cases to put a hub between a workstation under test and the network. You can plug your protocol analyzer into the hub and see both sides of the traffic. Just because your hub says on the outside that it is a hub doesn’t mean that it is one. Some of the vendors in the entry-level end of the market sometimes use the same production line to produce hubs and switches, so you may have a switch that’s a hub and a hub that is actually a switch.
In doing some research on open-source software recently, I found information on how to make a passive Ethernet tap. This is an interesting idea that presents a unique solution to a problem. With the passive Ethernet tap, you can put it inline between a network and a system under test and look at just one side of the conversation without having to implement additional filtering within the analyzer you are using. This does mean you won’t be seeing all of the conversation at once, so you may have to do some additional packet captures to get the whole picture. The parts to build this should run around $20 and it doesn’t require any power to make it work. It’s a good thing to have in your bag of tricks when a hub isn’t available or can’t be used for one reason or another.
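
One way to confirm what the analyzer port really sees (a true hub or mirror port versus a switch labelled as a hub), as an added example that is not part of the original column: the script classifies the frames in a classic pcap capture by addressee. The MAC addresses, the two sample captures and the `min_frames` threshold are constructed assumptions.

```python
import struct

ME, SERVER, WKSTN = "02:00:00:00:00:aa", "02:00:00:00:00:01", "02:00:00:00:00:02"  # constructed
BCAST = "ff:ff:ff:ff:ff:ff"

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def frame(dst, src):
    """Minimal Ethernet II frame: dst, src, EtherType 0x0800, zero padding."""
    return mac(dst) + mac(src) + b"\x08\x00" + bytes(46)

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def classify(pcap, my_mac):
    """Count captured frames by addressee, from the analyzer port's point of view."""
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", pcap[:4])[0])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    counts = {"mine": 0, "flooded": 0, "third_party": 0}
    off, me = 24, mac(my_mac)
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        pkt = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 14:
            continue  # truncated record, no full Ethernet header
        dst, src = pkt[:6], pkt[6:12]
        if dst[0] & 1:            # group bit: broadcast/multicast reaches every port
            counts["flooded"] += 1
        elif me in (dst, src):    # the analyzer's own conversations
            counts["mine"] += 1
        else:                     # unicast between two other stations
            counts["third_party"] += 1
    return counts

def sees_other_stations(counts, min_frames=3):
    """True on sustained third-party unicast; a switch may flood a stray unknown-unicast frame."""
    return counts["third_party"] >= min_frames

# Constructed captures: one from a real hub, one from a switch sold as a hub.
HUB_CAPTURE = build_pcap([frame(WKSTN, SERVER)] * 3 + [frame(SERVER, WKSTN),
                          frame(BCAST, WKSTN), frame(SERVER, ME)])
SWITCH_CAPTURE = build_pcap([frame(BCAST, WKSTN)] * 2 + [frame(SERVER, ME), frame(ME, SERVER)])
```

Take the capture while two other stations are known to be exchanging traffic; a zero third-party count on an idle segment proves nothing.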