Data link layer monitoring

Can you please explain a method used for data link layer monitoring?

Answer Wiki


The Data Link Layer refers to “Layer 2” in the OSI model. I assume when you say monitoring you mean a “Sniffer” to watch traffic at layer two. There are a number of them out there that are great and sometimes very useful; one is called Wireshark. It has both Windows and Linux distributions and really is quite powerful… and FREE!!!

This will capture and let you see traffic at layer 2 just fine. If you look at others out there, you will likely want to be sure it operates in “Promiscuous mode”; basically, if it doesn’t, it will only allow you to see traffic sent to or from the device you are monitoring with. Most sniffer programs do offer this feature these days.

Keep in mind that a switch will only send traffic to a port if the destination MAC address has been “seen” on the port, so you may need to configure the port as a monitor port to see all layer 2 traffic or monitor traffic with it. This in effect will make all traffic be sent to that port, and I would recommend only using the port to monitor traffic and not for hosts on your network. You do not have to worry about this if you have a true network hub, but these are fewer and farther between these days since switches are better at managing traffic than a hub.

Hopefully that helps, happy capturing!
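
As an added illustration of the point above about promiscuous mode and monitor ports (not part of the original answer): a small Python sketch that parses raw Ethernet headers and counts how many captured frames are unicast between other hosts. The MAC addresses, sample frames and function names are constructed for this example.

```python
import struct

VLAN_TPID = 0x8100  # EtherType value that marks an 802.1Q VLAN tag
OWN_MAC = "02:00:00:00:00:01"  # constructed: MAC of the capturing host

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(frame):
    """Return (dst, src, vlan_id or None, ethertype) of a raw Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = None
    if ethertype == VLAN_TPID:  # skip the 4-byte tag to reach the real EtherType
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan = tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID
    return mac(frame[0:6]), mac(frame[6:12]), vlan, ethertype

def classify(frame, own_mac=OWN_MAC):
    """'own' = to/from this host, 'group' = broadcast/multicast, else 'foreign'."""
    dst, src, _, _ = parse_frame(frame)
    if own_mac.lower() in (dst, src):
        return "own"
    if int(dst[:2], 16) & 1:  # group bit in the first octet of the destination
        return "group"
    return "foreign"  # unicast between two other hosts

def capture_visibility(frames, own_mac=OWN_MAC):
    """Count frames per class; malformed frames are counted, not fatal."""
    counts = {"own": 0, "group": 0, "foreign": 0, "malformed": 0}
    for f in frames:
        try:
            counts[classify(f, own_mac)] += 1
        except ValueError:
            counts["malformed"] += 1
    return counts

def build(dst, src, rest):
    return bytes.fromhex((dst + src).replace(":", "")) + rest

SAMPLE_FRAMES = [  # constructed frames, not a real capture
    build(OWN_MAC, "02:00:00:00:00:02", b"\x08\x00" + bytes(46)),
    build("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:02", b"\x08\x06" + bytes(46)),
    build("02:00:00:00:00:03", "02:00:00:00:00:02", b"\x81\x00\x00\x0a\x08\x00" + bytes(42)),
    b"\x02\x00\x00",  # truncated frame
]
print(capture_visibility(SAMPLE_FRAMES))
```

A capture on a busy segment that shows zero "foreign" frames suggests the interface is not in promiscuous mode or the switch port is not configured as a monitor port.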

Discuss This Question: 3  Replies

 
  • Labnuke99
    Ethereal has been deprecated. The application is now called Wireshark. It is an excellent tool for watching network traffic. ntop is a good application for watching traffic also, although it requires *nix. It will work at layer 2.
  • Jerry Lees
    Excellent addition to the conversation! Thanks for the update on the product name. I hadn't used it in a while and wondered what happened to it, since the latest version I could find was only slightly newer than the version I had recalled using a while back.
  • Labnuke99
    You should check out this blog entry. Laura Chappell is the bitgirl and is a goddess when it comes to packet analysis.