I have a keen interest in learning networking tools such as Ethereal, nmap, MRTG etc., but just reading is wasting my time...
So I decided to build a simulation.
My network has 4 workstations:
1 PC is infected with a virus
1 PC has a faulty network card
2 PCs are in good condition...
So I want to use Ethereal to check for any broadcasts from the network.
From there I can learn how to tackle the problem and how to solve it.
I want an opinion from the experts out there: is this method practical to implement?
Or do you have any practical method?
In regards to the virus part of your scenario I would suggest a more practical implementation would be a firewall (i.e. Pix) on your simulated network that logs any suspicious port activity, whether it be incoming or outgoing. Once you have the port and the offending IP it is simply a matter of going to the computer and, if it is running Windows XP, doing a "netstat -no" or even a "netstat -b" and that will let you see which application/virus is responsible.
That is how it is done where I work, which is a network of all the hospitals in my city with about 5000 workstations, 8000 IP phones, 250 switches, etc. Sniffer Pro is usually only used for troubleshooting complex connection problems, and that is only after logging on to the switch and looking for duplex/speed mismatches and the error counters.
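The lookup step described in the reply above (firewall gives you a port, `netstat -no` on the workstation gives you the owning PID), as an added example that is not part of the original posts. The netstat output is a constructed sample, and the function names and the port in the firewall finding are assumptions made for illustration.

```python
# Added example: correlate a firewall-reported port with `netstat -no` output.
# SAMPLE_NETSTAT is constructed for illustration, not captured from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.14:1042      192.168.1.1:80         ESTABLISHED     1880
  TCP    192.168.1.14:1057      203.0.113.25:6667      ESTABLISHED     2416
  TCP    192.168.1.14:1058      203.0.113.40:445       SYN_SENT        2416
  TCP    192.168.1.14:135       0.0.0.0:0              LISTENING       968
  UDP    192.168.1.14:1900      *:*                                    1204
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 forms like [::]:135 work."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port

def parse_netstat(text):
    """Yield one dict per connection row; header and blank lines are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue
        # UDP rows have no State column, so the PID is always the last field.
        state = fields[3] if len(fields) == 5 else ""
        laddr, lport = split_endpoint(fields[1])
        raddr, rport = split_endpoint(fields[2])
        yield {"proto": fields[0], "laddr": laddr, "lport": lport,
               "raddr": raddr, "rport": rport, "state": state,
               "pid": int(fields[-1])}

def pids_for_port(text, port, proto=None):
    """Return {pid: [rows]} for rows whose local or remote port equals `port`."""
    hits = {}
    for row in parse_netstat(text):
        if proto and row["proto"] != proto:
            continue
        if str(port) in (row["lport"], row["rport"]):
            hits.setdefault(row["pid"], []).append(row)
    return hits

if __name__ == "__main__":
    # Hypothetical firewall finding: this workstation talks out on TCP 6667.
    for pid, rows in pids_for_port(SAMPLE_NETSTAT, 6667, "TCP").items():
        for r in rows:
            print(pid, r["proto"], r["raddr"], r["rport"], r["state"])
```

A PID that owns several of the flagged connections, as 2416 does in the sample, is the process to identify next with `netstat -b` or the task list.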