In a fully switched network, there are only ever two devices on a segment: the computer and the switch. In other words, a fully switched network is basically a logical point-to-point configuration, although it will usually be physically arranged in some variation of a star topology. Under such conditions, there should never be any opportunity for collisions on a given segment, and the switching fabric itself will take care of ensuring that collisions do not occur upstream, where packets from multiple sources will share the same wire. Because of this, collisions should be nearly non-existent and the presence of collision alarms indicates a problem.
The nature of a switched network also presents some difficulties for packet sniffers like what I am trying to deploy. Why? Because the whole premise of a switched network is that the only traffic that should ever appear on a given segment is the traffic intended for a machine on that segment. If there is only one machine on any given segment, then how do you sniff traffic for an arbitrary machine and be certain that you are getting ALL of it?
There are two possibilities:
1) Insert a hub between the machine you want to sniff and the switch. Since a hub replicates ALL of its traffic to ALL of its nodes, this means that you can sniff the traffic of the machine you are interested in, PROVIDED you are on the same hub as the machine in question. Unfortunately, there's no such thing as a gigabit hub at this stage in the game.
2) Get a MANAGED switch that allows you to do port mirroring. This is what I am doing. This type of switch allows you to essentially take two of the switch ports and configure them as a 'mini hub', thus allowing me to monitor the traffic to the server in question.
Later, Gizmo
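A check for the port-mirroring option described in the post, as an added example that is not part of the original post: it classifies captured Ethernet frames by MAC address to tell whether the sniffer's port is really receiving the server's unicast traffic in both directions. The MAC addresses, sample frames and verdict names are constructed for illustration.

```python
import struct
from collections import Counter

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def frame(dst, src, ethertype=0x0800, payload=b"\x00" * 46):
    # Build a constructed Ethernet II frame: dst MAC, src MAC, EtherType, payload.
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload

def classify(frames, sniffer, target):
    """Count what a capture on the sniffer's port contains."""
    sniffer, target = mac(sniffer), mac(target)
    seen = Counter()
    for f in frames:
        if len(f) < 14:              # too short to hold an Ethernet header
            seen["runt"] += 1
            continue
        dst, src = f[0:6], f[6:12]
        if dst[0] & 1:               # I/G bit set: broadcast/multicast, flooded to all ports
            seen["flooded"] += 1
        elif sniffer in (dst, src):  # the sniffer's own conversations
            seen["own"] += 1
        elif dst == target:
            seen["to_target"] += 1
        elif src == target:
            seen["from_target"] += 1
        else:
            seen["other_unicast"] += 1
    return seen

def verdict(seen):
    # A plain switch port sees only flooded frames and its own traffic.
    # Caveat: a switch floods unicast to a MAC it has not learned yet, so a
    # few one-way frames can appear briefly without any mirror configured.
    to_t, from_t = seen["to_target"], seen["from_target"]
    if to_t and from_t:
        return "mirror-both-directions"
    if to_t or from_t:
        return "mirror-one-direction"
    return "no-mirror"

# Constructed sample captures (locally administered MAC addresses).
SNIFFER, SERVER, CLIENT = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
UNMIRRORED = [frame("ff:ff:ff:ff:ff:ff", SERVER, 0x0806),
              frame(SNIFFER, CLIENT), frame(CLIENT, SNIFFER)]
RX_ONLY = UNMIRRORED + [frame(SERVER, CLIENT)]
MIRRORED = RX_ONLY + [frame(CLIENT, SERVER)]

if __name__ == "__main__":
    for name, cap in (("unmirrored", UNMIRRORED), ("rx-only", RX_ONLY), ("mirrored", MIRRORED)):
        print(name, verdict(classify(cap, SNIFFER, SERVER)))
```

Seeing only flooded frames and the sniffer's own traffic means the port is behaving as an ordinary switch port, so the capture is missing the server's unicast conversations.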