Question

  Asked: Feb 15 2008   10:37 PM GMT
  Asked by: NetworkingATE


Data link layer monitoring


Networking, Network monitoring, Data link protocols

Can you please explain a method used for data link layer monitoring?


Answer Wiki


The Data Link Layer refers to "Layer 2" in the OSI model. I assume when you say monitoring you mean a "Sniffer" to watch traffic at layer two. There are a number of them out there that are great and sometimes very useful; one, called Ethereal, has both Windows and Linux distributions and really is quite powerful... and FREE!!!

This will capture and let you see traffic at layer 2 just fine. If you look at others out there, you will likely want to be sure it operates in "Promiscuous mode"; basically, if it doesn't, it will only allow you to see traffic sent to or from the device you are monitoring with. Most sniffer programs do offer this feature these days.

Keep in mind that a Switch will only send traffic to a port if the destination MAC address has been "seen" on the port, so you may need to configure the port as a monitor port to see all layer 2 traffic or monitor traffic with it. This in effect will make all traffic be sent to that port, and I would recommend only using the port to monitor traffic and not for hosts on your network. You do not have to worry about this if you have a true network hub, but these are fewer and farther between these days since switches are better at managing traffic than a hub.

Hopefully that helps, happy capturing!
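The interaction between switch forwarding, a monitor port and promiscuous mode described in the answer above can be seen in a small simulation. This is an added example, not part of the original answer; the `LearningSwitch` class, the helper functions, the port numbers and the MAC addresses are all constructed for illustration, and the NIC filter ignores multicast for simplicity.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    """Toy model of a switch that learns source MACs per port."""
    def __init__(self, ports, mirror_port=None):
        self.ports = list(ports)
        self.mirror_port = mirror_port  # monitor port, if one is configured
        self.mac_table = {}             # source MAC -> port it was seen on

    def forward(self, in_port, src, dst):
        """Return the set of ports this frame is sent out of."""
        self.mac_table[src] = in_port           # learn where the sender lives
        if dst != BROADCAST and dst in self.mac_table:
            out = {self.mac_table[dst]}         # known unicast: one port only
        else:
            out = set(self.ports)               # broadcast/unknown: flood
        out.discard(in_port)
        if self.mirror_port not in (None, in_port):
            out.add(self.mirror_port)           # monitor port gets a copy
        return out

def nic_accepts(nic_mac, dst, promiscuous):
    """A NIC drops frames not addressed to it unless it is promiscuous."""
    return promiscuous or dst in (BROADCAST, nic_mac)

def captured(switch, sniffer_port, sniffer_mac, promiscuous, frames):
    """Indexes of the frames that actually reach the capture tool."""
    seen = []
    for i, (in_port, src, dst) in enumerate(frames):
        on_wire = sniffer_port in switch.forward(in_port, src, dst)
        if on_wire and nic_accepts(sniffer_mac, dst, promiscuous):
            seen.append(i)
    return seen

# Constructed traffic: host A on port 1, host B on port 2, sniffer S on port 3.
A, B, S = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:05"
FRAMES = [
    (1, A, BROADCAST),  # 0: A broadcasts (for example an ARP request)
    (2, B, A),          # 1: B answers A
    (1, A, B),          # 2: A -> B unicast
    (2, B, A),          # 3: B -> A unicast
]

if __name__ == "__main__":
    cases = [("plain port, promiscuous", None, True),
             ("monitor port, promiscuous", 3, True),
             ("monitor port, not promiscuous", 3, False)]
    for label, mirror, promisc in cases:
        sw = LearningSwitch([1, 2, 3], mirror_port=mirror)
        print(f"{label}: frames {captured(sw, 3, S, promisc, FRAMES)}")
```

Only the combination of a monitor port and promiscuous mode shows the unicast conversation between A and B; with either one missing, the sniffer sees just the broadcast.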


Discuss This Answer



Labnuke99  |   Feb 18 2008  2:31PM GMT

Ethereal has been deprecated. The application is now called Wireshark. It is an excellent tool for watching network traffic.

ntop is a good application for watching traffic also, although it requires *nix. It will work at layer 2.

 

Jlees  |   Feb 21 2008  7:06AM GMT

Excellent addition to the conversation! Thanks for the update on the product name. I hadn’t used it in a while and wondered what happened to it, since the latest version I could find was only slightly newer than the version I had recalled using a while back.

 

Labnuke99  |   May 14 2008  5:19PM GMT

You should check out this blog entry. Laura Chappell is the bitgirl and is a goddess when it comes to packet analysis.