[ale] Wireshark newbie-Q: Promiscous capture

Robert Coggins ale at cogginsnet.com
Tue Apr 28 18:10:17 EDT 2009


If you are on a switch you may not be able to capture the packets for
other IPs.  You need a hub.  Unless I am missing something else here...

Robert

Mills John M-NPHW64 wrote:
> ALErs -
> 
> I want to capture all [wired] traffic to or from  certain IPs (or MACs
> if preferred) on a Linux host attached to a desktop hub through which
> all the traffic of interest is passing.
> 
> I set capture into 'promiscous' mode and filter on the stations I want
> to see, but only display packets that would normally be read by my
> wireshark host: broadcast, etc. I run wireshark from a console in which
> I have become 'su'.
> 
> What must I do to see on host 'A' all the traffic going between hosts
> 'B' and 'C'? Are there some switches that must be used when building
> wireshark, or other constraints on how it is run?
> 
> Thanks for any guidance.
> 
>  - Mills
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale


More information about the Ale mailing list