I have a question regarding packet sniffing a particular host on a switched network. i am using Ethereal (b/c it's free) and would like to gather and report on the traffic i collect.
The host machine is running a specific, bandwidth-intesive application. There are multiple hi-res images involved and streaming data. The performance of this host has been suffering since installation, especially when compared to similar workstations installed throughout the organization. but the vendor will not reload the app or rebuild the workstation until i run a sniffer.
The switch that my sniffer laptop and target host are on is a cisco 3560.
my question is this: How do i get around the switch's arp table and sniff the incoming/outgoing packets from the target host? as you know, b/c of the switch's arp table, the traffic that is intended for the target host is going directly to it. and vice versa. now i have read about arp-spoofing and arp-poisoning, but aren't those a little malicious for a simple network admin task? is there maybe a setting on the cisco switch that i can change, or do i really need to run a seperate app to spoof my switch into sending my sniffer laptop data?
any help or direction would be greatly appreciated!