At 05:40 PM 5/13/2004, Kyle F. wrote:
> I'm having some problems with Ethereal and other packet sniffers in
> general. Here's my situation...
>
> Home network, behind a Linksys 5 port 10/100 hub, consisting of a Redhat
> machine, a Fedora machine, and a WinXP machine. I've run multiple packet
> sniffers from each (Ethereal, tcpdump, Snort), and cannot detect network
> activity other than broadcasts, or traffic directed at the machine in
> question. I read over your FAQ and it looks like this is a common
> problem. I emailed Linksys, and they told me the hub I have should behave
> as a hub and not as a switch. They said it's just pass through. I made
> sure that the machines were all operating at the same speed (100), as the
> FAQ specified -- just in case. So far, none of this has worked.

Then clearly Linksys is wrong. Your device is acting as a switch, at least
at 100Mb. You could try setting your sniffing machine and at least one
other to 10Mb and see if that makes a difference - there is some chance
that the Linksys has a true hub for its 10Mb part. Otherwise you'll have
to try a different hub.

> I use a cable modem, so I tried to plug my machine directly into the modem
> to try and sniff network traffic in the neighborhood area. Same
> problem. All I see are lots and lots of ARP broadcasts. This makes me
> think that either I'm doing something wrong with these programs, or my
> OS's or network cards do not go into promiscuous mode.

I wouldn't have any expectations about seeing traffic other than your own
coming from the cable modem. You might see some or you might not. The
cable system and modem could be designed either way.
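
The symptom discussed in this exchange (only broadcasts and the sniffing machine's own traffic are visible) can be checked mechanically by classifying captured frames by destination MAC. The following is an added example, not part of the original email exchange; the MAC addresses, frames and function names are constructed for illustration, and it assumes the capture was taken while two other hosts on the segment were exchanging unicast traffic.

```python
from collections import Counter

BROADCAST = bytes.fromhex("ffffffffffff")

def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def classify(frame, own_mac):
    """Label one Ethernet frame relative to the capturing NIC's MAC."""
    dst, src = frame[0:6], frame[6:12]
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:              # I/G bit set: group (multicast) address
        return "multicast"
    if own_mac in (dst, src):
        return "own"
    return "foreign_unicast"       # unicast between two other hosts

def summarize(frames, own_mac):
    """Count frame classes and say whether the segment looks shared."""
    counts = Counter(classify(f, own_mac) for f in frames if len(f) >= 14)
    # A switch may briefly flood unknown unicast, so judge sustained captures.
    verdict = "hub-like" if counts["foreign_unicast"] else "switch-like"
    return counts, verdict

def frame(dst, src, ethertype=0x0800):
    """Build a constructed frame: 14-byte Ethernet header plus padding."""
    return mac(dst) + mac(src) + ethertype.to_bytes(2, "big") + bytes(46)

# Constructed sample data (not from the original thread).
OWN = mac("02:00:00:00:00:01")
A, B = "02:00:00:00:00:02", "02:00:00:00:00:03"
SWITCHED_CAPTURE = [
    frame("ff:ff:ff:ff:ff:ff", A, 0x0806),   # ARP broadcast from host A
    frame("ff:ff:ff:ff:ff:ff", B, 0x0806),   # ARP broadcast from host B
    frame("02:00:00:00:00:01", A),           # host A -> sniffer
    frame(A, "02:00:00:00:00:01"),           # sniffer -> host A
    frame("01:00:5e:00:00:fb", B),           # IPv4 multicast from host B
]
HUB_CAPTURE = SWITCHED_CAPTURE + [frame(B, A), frame(A, B)]  # A <-> B unicast

if __name__ == "__main__":
    for name, cap in (("switched", SWITCHED_CAPTURE), ("hub", HUB_CAPTURE)):
        counts, verdict = summarize(cap, OWN)
        print(name, dict(counts), verdict)
```

A "switch-like" result with the NIC confirmed in promiscuous mode points at the network device rather than the sniffer or the operating system.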