On Wed, 2 Mar 2005 12:59:51 -0500, Claude Morin <klodefactor at gmail dot com> wrote:
> At this point it's probably best to do something like:
> and watch, packet by packet, to confirm what's missing, and from which
> end. For sniffing, I use Ethereal pretty much exclusively these days;
> it's supported on many platforms, including MS Windows.
Agreed, this is the next step I'd take as well.
> ** For the less experienced people following this discussion: it's
> important to use a true hub in the pictured configuration, not a
> dual-speed hub unless you're sure all three devices are communicating
> at the same speed, and definitely not a switch. Otherwise, the
> sniffer PC won't see the traffic between the m0n0wall and the
For those that might be wondering why, a 10/100 hub is a 10 Mb hub and
a 100 Mb hub connected by an internal switch between the two. You
can't put two speeds on a true hub. So to ensure you're seeing all
the traffic, you either need to make sure it's a true hub, or the
devices are all the same speed. If you have a managed switch, it
should have port monitoring or SPAN capabilities, which will also
suffice when configured appropriately.