Network Sniffers

Paul Mooring paul at opscode.com
Fri Nov 22 09:31:43 MST 2013


This is actually the use case I suggested ettercap for.  It's sort of true
that wireshark will only sniff traffic on its host (or really any traffic
sniffer) in that a switch keeps an ARP table and won't send traffic
intended for other hosts to the wireshark machine.  You would still see
broadcast traffic with wireshark, but as for xbox traffic and such that
won't show up and not because of wireshark but because the switch doesn't
broadcast that traffic.

There are 2 potential solutions to this: use a hub instead of a switch
(really hard to find these days) or poison the switch's arp cache (hence
the ettercap recommendation).  With either of these approaches you can
still use wireshark.


On Fri, Nov 22, 2013 at 6:44 AM, AZ Pete <plug at cactusfamily.com> wrote:

>  All,
> thanks for various replies. I will definitely check out wireshark. However,
> it was pointed out that wireshark can only sniff on the host it is
> installed on.
> That will be ok for some of my needs. However, I want to be able to view
> what some of the "appliances" on my home network are sending outbound. These
> would be things such as my kids' Xbox, the smart TV and a few other such
> devices where I would be unable to load an application such as wireshark
> onto.
> I was poking around my router's interface, but it doesn't really have what
> I'm looking for.
>
> Is there a way to sniff the data from all hosts on my network?
>
> Peter
>
>
>  On 11/21/2013 1:00 PM, Mike Bushroe wrote:
>
>  Wireshark, definitely. We use it extensively in our lab for testing
> firmware changes and problem reports on the International Space Station
> LAN. Works great for catching individual packets and analyzing them layer by
> layer, protocol by protocol, tracing back and forth traffic of protocol
> handshaking, and just plain overall bandwidth. However, it will only record
> the traffic on the wire(s) it is connected to. To see other parts of the
> system, you either need to run multiple copies of Wireshark, or find
> something else that puts an agent on other machines to watch traffic in
> other parts of the net.
>
>   Our main switch is just a small embedded PPC, and does not have the RAM
> or Flash to run Wireshark, and probably not the speed also. But some
> switch/routers might be able to and then you could see traffic on any of
> the lines connected to it.
>
>  Mike
>
> --
> "Creativity is intelligence having fun." — Albert Einstein
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 
Paul Mooring
Operations Engineer
Opscode, Inc.