Question

Asked: Dec 11 2008   8:14 PM GMT
Asked By: NetworkingATE   1095 pts.

Need help with packet sniffing


Sniffer software, Sniffers, Packet analyzers, Packet sniffers, Packet Analyzer Software, Packet Sniffing

I am doing a sniffer project but I have one problem. This program only receives our host-related packets. I need to know how to receive all packets in the transmission medium. Can anyone help?


Answer Wiki

It sounds like you need to put the NIC in promiscuous mode; this allows the card to pass all packets it receives. Check with the NIC manufacturers to find out how to do this. The Wikipedia site referenced also has other programs that might be able to do this for you.
Good Luck!
-Flame
================
Wireshark by default will place the NIC into promiscuous mode if the application is running with administrative privileges. Depends on what you are trying to capture also. You can "hub out" with a hub between the host of interest and the network. This will allow you to capture all data between the host and the network and also any broadcast or multicast traffic. See my blogs on Network Taps for some more information about how to set up for this activity. You may also configure a switchport in SPAN mode so all traffic is mirrored to another port for analysis.

Researching Network TAPs - an end to network blindness?
Researching Network TAPs - an end to network blindness? (part 2)
Researching Network TAPs - an end to network blindness? (part 3)
Researching Network TAPs - Strike 1 (part 4)
Researching Network TAPs - Implementation Day (part 5)

Feel free to contact me for more information.
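
To confirm that a capture tool really switched the adapter into promiscuous mode, the following added example (not part of the original answers) reads each interface's flags from Linux sysfs and reports those with IFF_PROMISC set. It assumes a Linux host; the function names are this example's own.

```python
"""Report which Linux network interfaces currently have IFF_PROMISC set."""
import os

IFF_UP = 0x1         # interface is administratively up (<linux/if.h>)
IFF_PROMISC = 0x100  # interface receives all frames (<linux/if.h>)


def read_flags(sysfs_root, ifname):
    """Return the interface flags as an int, or None if they cannot be read."""
    path = os.path.join(sysfs_root, ifname, "flags")
    try:
        with open(path) as fh:
            # The kernel prints the flags as hex text, e.g. "0x1103".
            return int(fh.read().strip(), 16)
    except (OSError, ValueError):
        # Not an interface directory (e.g. bonding_masters) or unparsable.
        return None


def interface_states(sysfs_root="/sys/class/net"):
    """Map interface name -> {'up': bool, 'promisc': bool}."""
    states = {}
    try:
        names = sorted(os.listdir(sysfs_root))
    except OSError:
        return states  # not Linux, or sysfs not mounted
    for name in names:
        flags = read_flags(sysfs_root, name)
        if flags is None:
            continue
        states[name] = {
            "up": bool(flags & IFF_UP),
            "promisc": bool(flags & IFF_PROMISC),
        }
    return states


def promiscuous_interfaces(sysfs_root="/sys/class/net"):
    """Names of interfaces that are in promiscuous mode right now."""
    return [n for n, s in interface_states(sysfs_root).items() if s["promisc"]]


if __name__ == "__main__":
    for name, state in interface_states().items():
        mode = "PROMISC" if state["promisc"] else "normal"
        link = "up" if state["up"] else "down"
        print(f"{name:<12} {link:<5} {mode}")
```

Run it once before starting the capture and once while it is running. If the adapter shows PROMISC but only your own host's traffic appears, the limit is the switch, which is where the hub, TAP or SPAN port described above comes in.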


Discuss This Answer



KevinBeaver   3540 pts.  |   Dec 12 2008  5:10PM GMT

You’ll need to ensure your network analyzer is using the right network adapter in promiscuous mode like Labnuke99 mentions. You’ll also need to plug into a monitor/span/mirror port on your switch in order to see everything on the segment. If you don’t have a managed switch, then you could use an Ethernet hub as long as the other host(s) you want to view traffic to/from are also plugged into that hub. As a last resort (I say so because you can crash your switch) you can use Cain & Abel to do ARP poisoning and essentially turn your switch into a hub so you can see everything. You can even use Cain for sniffing as well.