Ulf Lamping wrote:
You might try Ethereal with the promiscuous mode to see if you can see
anything else at all, see also:
http://wiki.ethereal.com/CaptureSetup_2fEthernet
Yes, that's an important page to read for anybody trying to capture
traffic - it explains why capturing promiscuously on a switched network
is harder than one might naively think.
I don't know using a socket for capturing, we use the libpcap/Winpcap
library for it, which is far more protable ...
...because not all systems use sockets for packet capture.
Even on those systems that do, you can't do promiscuous captures on
arbitrary sockets, only on the sockets intended for use in, among other
things, packet capture, and you don't explicitly turn IFF_PROMISC on
with, for example, PF_PACKET sockets in Linux (there's another way to
turn promiscuous mode on, which arranges that if the program exits
without turning promiscuous mode off, when the socket is closed
promiscuous mode is turned off automatically).
So libpcap/WinPcap is almost always, if not always, the best choice for
doing packet sniffing - it's more portable, and, even for applications
where somebody doesn't care about portability (or doesn't *think* they
care, even though they might, at some point in the future, want to or
have to make the application work on another platform), it incorporates
many "best practices" for using the various capture mechanism on various
platforms.