Hello all: I'm unable to get Wireshark to view "promiscuously" on my home LAN. Home LAN consists of: MINT 13 Mate machine one Ubuntu machine (11 something I think) one mac os X laptop and two windows xp boxes I'm working from the MINT machine (13) and have successfully configured wireshark ( I think ) such that I should be able to successfully capture all the traffic on my network. Checkbox for promiscous mode is checked. ip link show eth0 shows PROMISC. But traffic captured does not include packets between windows boxes for example. Only traffic to and from the MINT 13 machine ( and broadcasts etc ) Should work but it dosen't. asked 12 Dec '12, 08:36 jda8818 edited 13 Dec '12, 09:12 grahamb ♦ |
One Answer:
This doesn't have much to do with promiscuous mode, which will only allow your capturing NIC to accept frames that it normally would not. But in your case the capture setup is problematic since in a switched environment you'll only receive frames for your MAC address (plus broadcasts/multicasts). Take a look at the Wiki page here: http://wiki.wireshark.org/CaptureSetup/Ethernet answered 12 Dec '12, 08:42 Jasper ♦♦ edited 12 Dec '12, 08:44 |
Thank you Jasper ...
Home network is not swithched however. Consists of a Netgear 114P Firewall/print server (4 port) connected to an 8 port hub (Netgear FE108). I should see everything, no?
Thanks again Jasper,
J
PS: in this case I'm interested in the traffic from one specific machine, so I guess I could make sure that this particular machine is attached directly to the firewall ... I'll try that now
Hint: I converted your answer to a comment to keep things tidy.
If your hub is really a hub (and not a "switching" hub, which often happens to be the case - things that work as a switch but being called a hub) you should see everything that any port on that hub sends and receives. As far as I read the PDF manual of the device it really seems to be a hub. You should communicate in half duplex mode if it really is.
If any of the other boxes is directly attached to the Firewall you might not see it, because I guess that the Firewall doesn't work in hub mode but is in fact switching packets.
Well Jasper, I'm making some progress. I moved the MINT machine (with Wireshark) from the Firewall to the hub, and I can now see ping traffic between (for instance) the two XP boxes, which are also no the hub.
Thank You for your knowledge and attention!
You're welcome :-) If you think your question was solved you might want to accept the answer with the checkmark icon on the left. That way others can see that it helped.