I'm just setting up Ethereal for the first time to analyze some of the traffic to a couple of servers. I've got Ethereal installed on my personal workstation. When I capture data, I only see packets to or from my own computer, and don't see any traffic sent to the servers.

Here's a diagram of how the network is set up:

I am not too familiar with networking, but I have an inkling that the switch is preventing me from seeing the traffic that I want to see. Can someone help me out with this? Do I need to splice in to a different part in the network?

Thanks.
Chris[HTML][/HTML]

from your perspective, you need to use a hub and not a switch. A switch is a logical star, i.e. it will only place IP packets onto a network segment that contains the destination, or a switched route to it, whilst a hub is a logical bus, i.e. all data goes to everything connected to it. this generally sucks, as it is horribly wasteful of bandwidth, but obviously has some uses. these days you would normally want to either bridge the link to the internet so all traffic physically passed through your analysis box, or use port mirroring to copy all traffic on one port to another (if it was a mirrored switch). I would not expect these to be real options for you though. maybe i'm wrong to assume that, but as you have a hub in the diagram already, just swap them found, and you'll actually make better use of both connection boxes.

Thanks for the info. I know a little bit about port mirroring. Can you explain what you mean by bridging the link to the internet and an "analysis box"?

Chris

basically you turn your own machine into a two port switch, internal one side, external outside. i certainly wouldn't say this was an option for what you're asking about. these would be "ideal" solutions which aren't suitable if it's your own desktop being used.