<div style="FONT-FAMILY: Arial; COLOR: #000000; FONT-SIZE: 12px"><div><div>Wireshark is perfect for getting right down on the wire and tapping the entire conversation taking place.<br />Just a quick note...<br />If one wishes to diagnose a connectivity / security issue with one particular device, one can simply take a laptop with a second USB or PCMCIA nic, bridge the two together (thereby turning the laptop into one big hub) and then connecting one nic to the device and the other to the network drop on the wall. It's like a good old fashioned MITM attack. Works great without the need for an actual hub, mirrored port, or promiscuous mode (heck, you can do it with windows!). <br />Only one thing to consider; if Cisco port security is enabled on the switch that the wall drop goes to, it will detect two mac addresses and shut down. I've thought about maybe spoofing the mac of the device being troubleshot so only one mac is detected but have not tried it yet.<br />Good luck! <br /></div>-Daniel <br /></div><div> </div><div> </div><div style="border-top:1px solid #bcbcbc;margin:5px 0px;"></div><span style="font-size:12;font-family:arial;color:#000000;">On 11/02/11, <span>Walt Smith<waltechmail@yahoo.com></span> wrote:</span><div style="font-size:12;font-family:arial;color:#000000;"><br />Q:<br />A demo of a network session should show the protocols in <br />action at the ethernet level; i.e. some screen showing<br />request --> ack -> grant payloads included embedded TCP/IP<br />type of data.<br /><br />What should be used for this? Does ethereal software get down to the<br />grit level?<br /><br />Background; <br />I believe that several software packages will sniff an ethernet card<br />and be able to symbolically display REQ, ACK for protocols at<br />the TCP/IP Level. If so confirmation by a reader would be good.<br /><br />I don't know ( and maybe I could dig into the docs if I was<br />relatively sure I was on the right track ) if the software has<br />capability to get to the actual ethernet level to show the <br />protocols there-- IS hardware needed such as a logic analyser <br />(I've used several years ago ) or network analyser ?<br /><br />Case in point: ( so I hope I'm clear ).<br />It is the case that software would format an IDE hard<br />disk. Hi-level. It could check for errors, sectors etc.<br />BUT -- there was a lower level -- a low level format -- that <br />was generally considered to be "factory" which is where the REAL<br />IDE ( or a lower set ) of instructions took place- so you <br />(may have) needed to know what was going on for some reason.<br />(Obviously, tech's don't need that level anymore outside of<br />the flooded Thai factory - you may have for forensics or<br />recovery etc... )<br /><br />So, if one wants to observe in symbol format the real ethernet<br />bittys, what would one use ? ( is a fast PC able to get to the lowest<br />levels with a NIC CHIP today, after all, 100 MBPS isnt' slow.<br />Perhaps it could be done on a 10 MBPS line without real<br />hardware )? <br /><br />TECH speak: IF the NIC is a shift register and the<br />bitty's are flying in, it seems like a parallel read of the<br />shift register real data is possible-- assuming the nic chip is <br />designed that way.<br /><br /><br /><br /><br />thx,<br /><br />Walt.........<br />Celebrating over 14,000 emails in my Yahoo Inbox !<br /><br />_______________________________________________<br />CALUG mailing list<br /><a class="parsedEmail" href="mailto:CALUG@unknownlamer.org" target="_blank">CALUG@unknownlamer.org</a><br /><a class="parsedLink" href="http://lists.unknownlamer.org/listinfo/calug" target="_blank">http://lists.unknownlamer.org/listinfo/calug</a><br /></div></div>