[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: netstat question - sniff using hub

---- David Timms <dtimms iinet net au> wrote: 
> Ed Greshko wrote:
> > zephod cfl rr com wrote:
> > 
> >> On to my next problem. Why can't this FC6 box see any http traffic from a
> >> Windows Vista box on my local network when it is obviously connecting to
> >> various web sites? I'm using Wireshark and yes, I have opened up the
> >> firewall. I can see ICMP traffic and other protocols from the Windows box
> >> and I can see http traffic from my FC6 box.
> > 
> > Is your FC6 box acting as a router in your network?  Or, are both the
> > Windows box and FC6 connected to a switch?  If the latter, then don't expect
> > to see much traffic from the Windows host since a switch prevents that.  You
> > will a small amount of traffic from the Windows box in the form of
> > "broadcast" traffic.

> You can work around the efficient, learning capability of the switch 
> that stops the sniffing by changing the device to a boring old hub, 
> which blats each incoming packet out all other ports.

I've got a Linksys WRT54G that I have flashed with the DD-WRT firmware. Perhaps there is some setting that will allow me to see all the traffic. I will look at it this evening.

> That was my reason for keeping mine around.
> Also check that you are starting sniffing in promiscuous mode, the default.

I am. I checked that.

> You could also set up a third machine with two network cards and 
> configure it as a transparent bridge; with wireshark installed, you can 
> then see all traffic.

Pehaps if I had a 3rd machine and a couple of network cards ;-)


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]