There are fewer token ring cards that support Promiscuous mode than
Ethernet: i.e. the IBM chipset will not do PMode, which eliminates most
IBM & 3Com NICs. This is somewhat historical as PMode cards allow
people to sniff the network, and IBM felt this was insecure and
inappropriate in the past. Also, in some TR Specs the are warning
packets sent out before a card goes into PMode, and the are packets that
can force a card out of PMode. Whether this is implemented is up to the
Search Microsoft's home page for NICs compatible with Network Monitor.
This should give you an idea of what should work. I would also suggest
looking at Network Monitor as your sniffer. A reduced function version
is ship with NT4 Betas, while the full program is available with SMS
Warning: I may be prejudice about Netmon as I tested for a while, and my
comments reflect in no way, any policy, plans or programs of Microsoft
or my employer.
>From: mulligaj[SMTP:mulligaj @
>Sent: Tuesday, April 23, 1996 6:12 PM
>To: firewalls @
>Subject: RE: PC based sniffer (Token Rings?)
>At 07:57 PM 04/23/96, you wrote:
>>>| I've seen responses for ethernet sniffers, is there any software
>>>| for sniffing your SLIP/PPP dial connection? I'm using ShivaPPP ndis
>>>| and its trace features are pretty limited - can count IP pkts, but can't
>>>| see inside them.
>Is it any differnt to sniff on a token ring system than it is to sniff
>ethernet? I know the theory behind each is different, but would the
>If not... could someone suggest PC based Token Ring (IBM) sniffers?
>John P. Mulligan <mulligaj @
>PGP PUBLIC KEY available at http://www.lafayette.edu/~mulligaj
>"Perhaps you think your Email is legitimate enough that encryption is
>unwarranted. If you really are a law-abiding citizen with nothing to
>then why don't you always send your paper mail on postcards? ... Are
>you trying to hide something?" --- Pretty Good Privacy (PGP) Manual