I'm aware that you can use wireshark to see all broadcast packets on a LAN or by mirroring ports to see all types of traffic for that port such as an uplink.
What sort of thing would you look for to indicate problems on a LAN with a sniffer.
For example (only familiar with wireshark sniffer) the network in mention has lots of broadcasts but how do I gage what is an acceptable ammount and what is too many.
I'm sure there are too many as the subnet is a large one with the servers not on a seperate vlan/subent.
Any help or tips on analysing LAN issues with wireshark and SPAN methods would be appreciated.
I'm new to this type of analysis with sniffing tools...