Just dl'ed and installed Wireshark onto a Toshiba Portege R705 Laptop running W8.1 Pro. When I put in a filter of ip.address == 192.168.1.101 I only see traffic where 192.168.1.101 is the source, never when it is the destination. And at that, the only traffic that seems to be captured are Broadcast type packets. I don't see any TCP/UDP. Both devices are attached to a DLink DGS-1008G switch.
asked 10 Sep '14, 17:59 PacNW-cp
One Answer:
Unless you configure your switch to send copies of the traffic of 192.168.1.101 to your laptop (also known as SPAN port/mirror port), you'll only see Broadcasts. Take a look here: http://wiki.wireshark.org/CaptureSetup/Ethernet
answered 11 Sep '14, 06:57 Jasper
Hmmm, well unfortunately lots of dead links at the wiki page http://wiki.wireshark.org/CaptureSetup/Ethernet
The DGS-1008G is a "dumb" switch, it has no interfacing. Though looking at the description it does do QoS, tagging and MAC learning. So maybe better to call it "smart but unmanageable"? Even so, the 2 machines are on the same switch, traffic still can't be seen??
Anyway, from what I've read it seems ARP hacking (with Cain and Abel) is required. I am not eager to hack the network, so not sure what I will do now.
Be nice if there was a bundling option somewhere ...
The "partitioning" of traffic is pretty much the entire reason for a switch; traffic is only directed to the ports that "need" to see it. Unless the switch provides a means to span or mirror port traffic, you won't be able to capture non-broadcast traffic on ports other than the port you're connected to.
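
The forwarding behaviour described in this thread, as an added example that is not part of the original posts: a small Python model of a MAC-learning switch, showing what a capture laptop on a third port receives with and without a mirror (SPAN) port. The class, MAC addresses, port numbers and frame labels are constructed for illustration, and the mirror option models a managed switch, not the DGS-1008G.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    """Minimal model of a MAC-learning Ethernet switch (illustrative only)."""

    def __init__(self, ports, mirror=None):
        self.ports = list(ports)
        self.mac_table = {}                       # source MAC -> port it was learned on
        self.mirror = mirror                      # (monitored_port, capture_port) or None
        self.seen = {p: [] for p in self.ports}   # frames sent out of each port

    def receive(self, in_port, src, dst, label):
        self.mac_table[src] = in_port             # learn where the sender lives
        if dst == BROADCAST or dst not in self.mac_table:
            out = {p for p in self.ports if p != in_port}   # flood to all other ports
        else:
            out = {self.mac_table[dst]} - {in_port}         # forward to one port only
        if self.mirror:
            monitored, capture = self.mirror
            # SPAN: copy anything entering or leaving the monitored port
            if (in_port == monitored or monitored in out) and capture != in_port:
                out.add(capture)
        for port in sorted(out):
            self.seen[port].append(label)

# Constructed scenario: port 1 = 192.168.1.101, port 2 = its peer,
# port 3 = the laptop running Wireshark. MAC addresses are made up.
HOST, PEER = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"
FRAMES = [
    (1, HOST, BROADCAST, "ARP request from .101 (broadcast)"),
    (2, PEER, HOST, "ARP reply to .101"),
    (1, HOST, PEER, "TCP SYN from .101"),
    (2, PEER, HOST, "TCP SYN/ACK to .101"),
]

def laptop_view(mirror=None):
    """Return the labels of frames delivered to the capture laptop on port 3."""
    sw = LearningSwitch(ports=[1, 2, 3], mirror=mirror)
    for frame in FRAMES:
        sw.receive(*frame)
    return sw.seen[3]

if __name__ == "__main__":
    print("no mirror  :", laptop_view())
    print("mirror 1->3:", laptop_view(mirror=(1, 3)))
```

Without a mirror the laptop receives only the broadcast sourced from .101, which matches what the question describes; with port 1 mirrored to port 3 it receives all four frames.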