I am trying to capture all traffic passing through a switch but i got only my traffic with the switch not other devices traffic though the port i used is configured as VLAN with other computers. Our instructor told us it is a WireShark setting issue, how do i change the setting to capture all traffic on that switch ??? asked 11 Apr '13, 04:47  Ashraf |
One Answer:
A switch will never forward 'other' traffic (traffic that is not directed to your ethernet mac address + broadcast) to your port unless you tell it to do so. So, if you did not configure a mirror port on the switch, you will only see this kind of traffic.
Please read the following Wiki article: http://wiki.wireshark.org/CaptureSetup/Ethernet
I suggest your instructor reads the article as well ;-) and then this book: http://www.wiresharkbook.com/ ;-)) Regards answered 11 Apr '13, 05:55  Kurt Knochner ♦ |
His or her instructor probably thinks enabling promiscuous mode is sufficient. As you note, the instructor is mistaken, and should read the Wireshark Wiki article in question ("and the novice was enlightened").
So the VLAN don't make a broadcast domain for it's port ??
A VLAN is a broadcast domain (or at least it should be - some switches don't take it very serious ;-)). But that does not help to receive non-broadcast traffic on a port, other than the traffic that is directed to the mac address of the device on that port.