[ale] Wireshark newbie-Q: Promiscuous capture

Patrick Evans pevans at backcountry.com
Tue Apr 28 18:52:39 EDT 2009


Yeah, you need to know if you are using a hub or a switch. If you're using a switch you would need to set up a mirror port on the switch (if it is capable of that) and attach your Linux host to that port.

You might find it simpler to use tcpdump to determine if you are picking up traffic destined for third party hosts.

Something like:

tcpdump -netti eth0 dst ip_address and not src local_ip

where ip_address == some other host on the local network AND
where local_ip == the ip address of the machine you are using to snoop

-Patrick
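
A way to make the tcpdump check above repeatable, added here as an example and not part of the original post: it reads `tcpdump -netti` output and counts frames by destination MAC, so unicast frames between two other hosts show up as `third_party`. The MAC addresses, sample lines and function names are constructed for illustration.

```python
import re
from collections import Counter

# Link-level header as printed by tcpdump -e: "<ts> <src MAC> > <dst MAC>, ..."
FRAME_RE = re.compile(
    r"^\s*(?P<ts>\d+\.\d+)\s+"
    r"(?P<src>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+>\s+"
    r"(?P<dst>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}),",
    re.IGNORECASE,
)

def classify_frame(line, local_mac):
    """Return a category for one tcpdump line, or None if it is not a frame."""
    m = FRAME_RE.match(line)
    if not m:
        return None
    src, dst, local = m["src"].lower(), m["dst"].lower(), local_mac.lower()
    if src == local:
        return "from_me"
    if dst == local:
        return "to_me"
    # Lowest bit of the first octet set means broadcast or multicast,
    # which every port receives on a switch as well as on a hub.
    if int(dst[:2], 16) & 1:
        return "broadcast_multicast"
    # Unicast between two other stations: only visible on a hub or mirror port
    # (a switch may still flood a few frames for MACs it has not learned yet).
    return "third_party"

def summarize(lines, local_mac):
    """Count frames per category, skipping lines that do not parse."""
    counts = Counter()
    for line in lines:
        kind = classify_frame(line, local_mac)
        if kind:
            counts[kind] += 1
    return counts

LOCAL_MAC = "00:16:3e:00:00:0a"  # constructed: MAC of the capturing host 'A'
SAMPLE = """\
1240958000.000100 00:16:3e:00:00:0b > 00:16:3e:00:00:0c, ethertype IPv4 (0x0800), length 74: 192.168.1.11.40000 > 192.168.1.12.80: tcp 0
1240958000.000300 00:16:3e:00:00:0c > 00:16:3e:00:00:0b, ethertype IPv4 (0x0800), length 74: 192.168.1.12.80 > 192.168.1.11.40000: tcp 0
1240958000.100000 00:16:3e:00:00:0b > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 192.168.1.10 tell 192.168.1.11
1240958000.100200 00:16:3e:00:00:0a > 00:16:3e:00:00:0b, ethertype ARP (0x0806), length 42: arp reply 192.168.1.10 is-at 00:16:3e:00:00:0a
1240958000.200000 00:16:3e:00:00:0b > 00:16:3e:00:00:0a, ethertype IPv4 (0x0800), length 98: 192.168.1.11 > 192.168.1.10: ICMP echo request
not a frame line
"""  # constructed sample output, not a real capture

if __name__ == "__main__":
    for kind, n in sorted(summarize(SAMPLE.splitlines(), LOCAL_MAC).items()):
        print(f"{kind:20s} {n}")
```

A `third_party` count that stays at or near zero while hosts 'B' and 'C' are exchanging traffic indicates the capture port is on a switch without mirroring.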

-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Robert Coggins
Sent: Tuesday, April 28, 2009 4:10 PM
To: Atlanta Linux Enthusiasts - Yes! We run Linux!
Subject: Re: [ale] Wireshark newbie-Q: Promiscuous capture

If you are on a switch you may not be able to capture the packets for
other IPs.  You need a hub.  Unless I am missing something else here...

Robert

Mills John M-NPHW64 wrote:
> ALErs -
>
> I want to capture all [wired] traffic to or from certain IPs (or MACs
> if preferred) on a Linux host attached to a desktop hub through which
> all the traffic of interest is passing.
>
> I set capture into 'promiscuous' mode and filter on the stations I want
> to see, but only display packets that would normally be read by my
> wireshark host: broadcast, etc. I run wireshark from a console in which
> I have become 'su'.
>
> What must I do to see on host 'A' all the traffic going between hosts
> 'B' and 'C'? Are there some switches that must be used when building
> wireshark, or other constraints on how it is run?
>
> Thanks for any guidance.
>
>  - Mills
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale