This is actually the use case I suggested ettercap for.  It's sort of true that wireshark will only sniff traffic on it's host (or really any traffic sniffer) in that a switch keeps an ARP table and won't send traffic intended for other hosts to the wireshark machine.  You would still see broadcast traffic with wireshark, but as for xbox traffic and such that won't show up and not because of wireshark but because the switch doesn't broadcast that traffic.

There's 2 potential solutions to this, use a hub instead of a switch (really hard to find these days) or poison the switch's arp cache (hence the ettercap recommendation).  With either of these approaches you can still use wireshark.


On Fri, Nov 22, 2013 at 6:44 AM, AZ Pete <plug@cactusfamily.com> wrote:
All,
thanks for various replies. I will definitely check out wireshark. However, it was pointed out that wireshark can only sniff on the host it is installed on.
That will be ok for some of my needs. However, I want to be able to view what some of the "applicances" on my home network are sending outbound. These would be things such as my kids Xbox, the smart TV and a few other such devices where I would be unable to load an application such as wireshark onto. 
I was poking around my router's interface, but it doesn't really have what I'm looking for.

Is there a way to sniff the data from all hosts on my network ?

Peter


On 11/21/2013 1:00 PM, Mike Bushroe wrote:
Wireshark, definitely. We use it extensively in our lab for testing firmware changes and problem reports on the International Space Station LAN. work great for catching individual packets and analyzing them layer by layer, protocol by protocol, tracing back and forth traffic of protocol handshaking, and just plain overall bandwidth. However, it will only record the traffic on the wire(s) it is connected to. To see other parts of the system, you either need to run multiple copies of Wireshark, or find something else that puts an agent on other machines to watch traffic in other parts of the net.

 Our main switch is just a small embedded PPC, and does not have the RAM or Flash to run Wireshark, and probably not the speed also. But some switch/routers might be able to and then you could see traffic on any of the lines connected to it.

Mike

--
"Creativity is intelligence having fun." — Albert Einstein


---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss


---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss



--
Paul Mooring
Operations Engineer
Opscode, Inc.