Network monitoring




I need some experts to help me out on this. I have a network consists of 4
terminals that attached to a cisco catalyst 2950 switch. I have also attached
a monitoring PC with sniffers (windump / ethereal) to the last port of same
2950 Switch to monitor packets from these terminals.

The question is when I install WinXP Pro / Win2003 Server to the monitoring
PC, the trace log shows valid packets from these terminals. However, if I
install Win2K(even with the latest network driver) , I can't see any packets
from the terminal in the log. Why is that so, anyone? How should I
troubleshoot? My Network cards are Intel Pro/1000MT & Intel Pro/1000XT

p/s :
1. Have tried many versions of Network Driver for W2K. None work.
2. Have tried same network driver version for both XP and W2K. Only XP works.
3. Only use default driver for Win2003 which is much lower version than the
above (version 6.x) and it works.

Thanks in advance

Ryan Hanisco

You need to make sure that your network driver is in promiscuous mode
(hehehe) or else it will drop packets that are not destined for that MAC
address. So you have your span port set to send all traffic from those
devices to the server, right? If the NIC is set to accept all packets
rather than dropping them you should be in business.

If you can run 2k and get it to work with one of the other drivers, why is
this a problem? or am I misunderstanding?

