Sniffing in a Switched Environment

A switched environment is the most common type of network you will be working on. Switches provide an efficient means of transporting data via broadcast, unicast, and multicast traffic. (For more on these topics see Chapter 1.) As a bonus, switches allow full-duplex communication, meaning that machines can send and receive data simultaneously through a switch. Unfortunately for packet analysts, switches add a whole new level of complexity to a packet analyst's job. When you plug in a sniffer to a port on a switch, you can only see broadcast traffic and the traffic transmitted and received by your machine, as shown in Figure 2-4.

Figure 2-4. The visibility window on a switched network is limited to the port you ...

Get Practical Packet Analysis now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.