Ethereal-users: Re: [Ethereal-users] Sniff all packets in a subnet

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Fri, 07 Oct 2005 01:50:09 -0700
Breen Mullins wrote:


You're almost certainly connected to a switch (which is marketing-speak
for a bridge),
Really? I think of a bridge as a device that forwards all received packets to those networks on the bridge, other than the one on which the packet came in on, where the links to the networks in question are part of the spanning tree of the network, while a switch forwards broadcast packets to all ports, multicast packets either to all ports or to ports it knows are listening to that multicast address, and unicast packets only to the port it knows has an interface with that multicast address plugged into it.
But, yes, Ethernet networks tend to be switched, these days, so A, B, and C are probably plugged into a switch (perhaps with a router behind the switch). 


Some time with Google for the search phrase 'ethernet switch' will help
with the basics of switches.


And also see

	http://wiki.ethereal.com/CaptureSetup/Ethernet


The bottom-line answer is that you can't do what you want.
...unless the switch supports "port mirroring" or whatever the vendor calls it *AND* he has enough access to the switch to allow him to turn his port into a mirrored port - but, even if the switch does support that, it's unlikely that he'd get that access; he'd have to ask the network administrators for it, and I suspect they wouldn't grant it.