|
What you can capture depends upon where your Macintosh is located in the network. The rules are simple:
-
You can capture all unicast frames in your Collision Domain;
-
You can capture all multicast frames in your Collision Domain;
-
You can capture all broadcast frames in your Broadcast Domain; and
-
Unless your Layer Two Switch has been configured to block the traffic, you can also capture all multicast frames in your Broadcast Domain.
Figure 1 illustrates some of the key concepts:
For example, if your Macintosh is host “A”, you will be able to capture the following:
-
Unicast frames to/from your own Macintosh.
-
Unicast frames to/from host “B” (because “A” and “B” share a common hub).
-
Broadcast frames that originate from any host or communications device in your Broadcast Domain.
-
Multicast frames that originate within your Broadcast Domain, plus any multicast frames that may be forwarded into your Broadcast Domain by the router.
Similarly, if your Macintosh is host “G”, you will be able to capture the following:
-
Unicast frames to/from your own Macintosh.
-
Unicast frames to/from host “H”.
-
Broadcast frames that originate from any host or communications device in your Broadcast Domain.
-
Multicast frames that originate within your Broadcast Domain, plus any multicast frames that may be forwarded into your Broadcast Domain by the router.
If your Macintosh is host “C” or “D”, you will be able to capture the following:
-
Unicast frames to/from your own Macintosh.
-
Broadcast frames that originate from any host or communications device in your Broadcast Domain.
-
Multicast frames that originate within your Broadcast Domain, plus any multicast frames that may be forwarded into your Broadcast Domain by the router.
If your Macintosh is connected remotely via PPP or PPPoE, like hosts “E” or “F”, you will be able to capture frames sent by your Macintosh to the remote-access server, and frames sent by the remote-access server to your Macintosh.
All other network traffic will be invisible, simply because the various communications devices limit what kinds of traffic is sent where. However, see Remote Capture for ways around this problem.
Finally, keep in mind that capturing traffic going to/from someone else’s computer may constitute an invasion of privacy. Even though an Ethernet Collision Domain acts like a telephone “party line” and is inherently insecure, it is at best impolite to listen to other people’s conversations, and may even be contrary to law in your jurisdiction. Please ensure that you have sought and obtained all necessary permissions and consents before you capture traffic that is not your own. Remember, FrameSeer is a tool to help you diagnose networking problems. It is not a permit for you to eavesdrop!
|
|
