<div dir="ltr">This is actually the use case I suggested ettercap for. It's sort of true that wireshark will only sniff traffic on it's host (or really any traffic sniffer) in that a switch keeps an ARP table and won't send traffic intended for other hosts to the wireshark machine. You would still see broadcast traffic with wireshark, but as for xbox traffic and such that won't show up and not because of wireshark but because the switch doesn't broadcast that traffic.<div>
<br></div><div>There's 2 potential solutions to this, use a hub instead of a switch (really hard to find these days) or poison the switch's arp cache (hence the ettercap recommendation). With either of these approaches you can still use wireshark.</div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Nov 22, 2013 at 6:44 AM, AZ Pete <span dir="ltr"><<a href="mailto:plug@cactusfamily.com" target="_blank">plug@cactusfamily.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#333333" bgcolor="#FFFFFF">
<font face="Calibri">All,<br>
<font face="Calibri">thanks for<font face="Calibri"> various
replies. <font face="Calibri">I will definitely check ou<font face="Calibri">t wireshark. <font face="Calibri">However,
it was pointed ou<font face="Calibri">t that wireshark
can only <font face="Calibri">sniff on the host it is
installed on.<br>
That will be ok for<font face="Calibri"> some of my
needs. However, I <font face="Calibri">want to be
able to view what some of the "<font face="Calibri">ap<font face="Calibri">plicances"
on my home network <font face="Calibri">are
sending outbo<font face="Calibri">und. <font face="Calibri">These would be <font face="Calibri">thin<font face="Calibri">gs such as my kids
Xbox, the <font face="Calibri">sma<font face="Calibri">rt T<font face="Calibri">V and <font face="Calibri">a few other
such devices <font face="Calibri">where I
would be un<font face="Calibri">able to
load a<font face="Calibri">n
appli<font face="Calibri">cation
such as w<font face="Calibri">ireshark
on<font face="Calibri">to.
<br>
I was poking
around my <font face="Calibri">ro<font face="Calibri">uter's
inter<font face="Calibri">face<font face="Calibri">,
but it doesn't
really have <font face="Calibri">w<font face="Calibri">hat
I'm looking
for<font face="Calibri">.<br>
<br>
</font></font></font></font></font></font></font><font face="Calibri">Is
<font face="Calibri">there
a way to <font face="Calibri">s<font face="Calibri">niff
the data f<font face="Calibri">rom
<font face="Calibri">all
hosts on my
netw<font face="Calibri">ork
?<br>
<br>
<font face="Calibri">Peter<br>
<br>
</font></font></font></font></font></font></font></font></font></font></font></font></font></font></font></font></font></font></font></font></font></font></font></font></font></font></font><br>
</font></font></font></font></font></font></font></font><div><div class="h5">
<div>On 11/21/2013 1:00 PM, Mike Bushroe
wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div class="h5">
<div dir="ltr">
<div>
<div>Wireshark, definitely. We use it extensively in our lab
for testing firmware changes and problem reports on the
International Space Station LAN. work great for catching
individual packets and analyzing them layer by layer,
protocol by protocol, tracing back and forth traffic of
protocol handshaking, and just plain overall bandwidth.
However, it will only record the traffic on the wire(s) it
is connected to. To see other parts of the system, you
either need to run multiple copies of Wireshark, or find
something else that puts an agent on other machines to watch
traffic in other parts of the net.<br>
<br>
</div>
Our main switch is just a small embedded PPC, and does not
have the RAM or Flash to run Wireshark, and probably not the
speed also. But some switch/routers might be able to and then
you could see traffic on any of the lines connected to it.<br>
<br>
</div>
Mike<br clear="all">
<div>
<div>
<div>
<div><br>
-- <br>
<div dir="ltr"><span style="font-family:arial,sans-serif;font-size:11pt">"Creativity
is intelligence having fun." — Albert Einstein</span></div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><div class="im"><pre>---------------------------------------------------
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a>
To subscribe, unsubscribe, or to change your mail settings:
<a href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></pre>
</div></blockquote>
<br>
</div>
<br>---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">
<span>Paul Mooring</span><br>Operations Engineer<br><div><font color="#222222" face="arial, sans-serif">Opscode, Inc.</font></div><div><div><div><div><br><font color="#222222" face="arial, sans-serif"><br></font></div></div>
</div></div></div>
</div>