Gói phân tích là một yêu cầu để quản lý mạng ngày nay, và cuốn sách này sẽ cung cấp cho bạn nhảy bắt đầu bạn cần trong học tập như thế nào tất cả các công trình. Bạn có thể tìm thấy chính mình tự hỏi tại sao bạn nên mua cuốn sách này như trái ngược với bất kỳ | Figure 2-1 Placing your sniffer on the network is sometimes the biggest challenge you will face. The goal of this chapter is to help you develop an understanding of packet sniffer placement in a variety of different network topologies. We will look at various real-world network setups as we determine the best way to capture packets in hub- switch- and router-based environments. As a precursor to understanding sniffer placement we ll also take a more indepth look at promiscuous mode network cards how they work and why they are a necessity for packet analysis. Living Promiscuously Before you can sniff packets on a network you need a network interface card NIC that supports a promiscuous mode driver. Promiscuous mode is what allows an NIC to view all of the packets crossing the cabling system. When an NIC is not in promiscuous mode it generally sees a large amount of broadcast and other traffic that is not addressed to it which it will drop. When it is in promiscuous mode it captures everything and passes all traffic it receives to the CPU basically ignoring the information it finds in a packet s Layer 2 addresses. Your packet sniffing application grabs those packets to give you a complete and accurate account of all packets on the system. NOTE Most operating systems including Windows will not let you use a network card in promiscuous mode unless you have elevated user privileges. If you cannot obtain these privileges on a system chances are that you should not be performing any type of packet sniffing on that particular network. Sniffing Around Hubs Sniffing on a network that has hubs installed is a dream for any packet analyst. As you learned earlier traffic sent through a hub is sent to every port connected to that hub. Therefore to analyze a computer on a hub all you have to do is plug in a packet sniffer to an empty port on the hub and you can see all communication to and from all computers connected to that hub. As illustrated in Figure 2-2 your visibility .