This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Ethernet traffic capture

0

Can I capture all traffic in my LAN, not only my PC's traffic?

I want to get the packets from other PCs in the same workgroup.

For example: I want to be able to know which pages other people are visiting, assuming that I have IP 172.17.223.15 and I want to see the traffic of 172.17.223.16.

Is that possible? P.S.: Sorry for my bad English.

This question is marked "community wiki".

asked 17 Nov '10, 10:28

umbertix

edited 17 Nov '10, 10:40


One Answer:

1

This depends on your network. If you have a central Hub (not a Switch) you can see all data passing by, but it is highly unlikely that you're not using a Switch (because hubs are slooooooow). On a switch, you can only receive broadcasts and other single packets that are flooded to all ports because of an unknown destination MAC address, but you will not see complete communication flows of others. The switch will hide it from you because it is connecting stations directly without broadcasting the data to all other stations.

One way to get around this problem of not seeing the packets you want is to use a SPAN session (a.k.a mirror port, monitor port etc.), but that requires the switch in use to be manageable. Some better SOHO switches can do that, usually via web interface. If your switch is "dumb" and cannot be managed you're out of luck, unless you try to leverage some hacking techniques like ARP cache poisoning on the network. Or you can get one of the fancy Dualcomm switches with built-in monitor ports and replace your switch with it :-)

answered 17 Nov '10, 14:55

Jasper ♦♦

See the Wireshark Wiki page on Ethernet capture setup for more information on Ethernet captures and switches; it also refers you to the Wireshark Wiki switch reference pages for information on SPAN sessions/mirror ports/etc. for various brands of switches.

(17 Nov '10, 18:47) Guy Harris ♦♦

Thx for the quick answer.

That's a good community.

(18 Nov '10, 04:25) umbertix
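
The forwarding behaviour described in the answer can be checked with a small model. This is an added example, not part of the original thread: the `LearningSwitch` class, the port numbers and the MAC addresses are constructed for illustration. It shows which frames reach a capture port on an unmanaged switch and which reach it when that port is a SPAN/mirror destination.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Minimal model of a transparent Ethernet switch (constructed for illustration)."""

    def __init__(self, ports, mirror_port=None):
        self.ports = set(ports)
        self.mirror_port = mirror_port  # SPAN destination, if the switch is managed
        self.mac_table = {}             # learned source MAC -> port

    def forward(self, in_port, src, dst):
        """Return the set of ports that receive a copy of this frame."""
        self.mac_table[src] = in_port   # learn which port the sender is on
        if dst == BROADCAST or dst not in self.mac_table:
            out = self.ports - {in_port}             # flood: broadcast or unknown unicast
        else:
            out = {self.mac_table[dst]} - {in_port}  # known unicast: one port only
        if self.mirror_port is not None:
            out = out | {self.mirror_port}           # the mirror port gets every frame
        return out


def frames_seen_at(switch, sniffer_port, frames):
    """Labels of the frames a capture running on sniffer_port would contain."""
    return [label for label, in_port, src, dst in frames
            if sniffer_port in switch.forward(in_port, src, dst)]


# Constructed traffic: station A on port 1, station B on port 2, capture host on port 3.
A, B, C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
FRAMES = [
    ("arp-request", 1, A, BROADCAST),  # broadcast, flooded to all ports
    ("arp-reply", 2, B, A),            # A is already learned, goes to port 1 only
    ("http-request", 1, A, B),         # B is already learned, goes to port 2 only
    ("http-response", 2, B, A),
    ("unknown-unicast", 1, A, C),      # C was never seen, so the frame is flooded
]

if __name__ == "__main__":
    print("unmanaged switch:", frames_seen_at(LearningSwitch([1, 2, 3]), 3, FRAMES))
    print("mirror on port 3:",
          frames_seen_at(LearningSwitch([1, 2, 3], mirror_port=3), 3, FRAMES))
```

If a capture on your own port contains only the first kind of result (broadcasts and the occasional flooded frame), you are on an ordinary switch port and need a mirror port or a tap to see full conversations.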