Register

Forgot Password

Site FAQ

Home > IT Answers > Security > Need help with packet sniffing

NetworkingATE

1,545 pts.

Need help with packet sniffing

Packet Analyzer Software, Packet analyzers, Packet sniffers, Packet Sniffing, Sniffer software, Sniffers

I am doing a sniffer project but I have one problem. This program only receives our host-related packets. I need to know how to receive all packets in the transmission medium. Can anyone help?

Software/Hardware used:

ASKED: December 11, 2008 8:14 PM

UPDATED: December 12, 2008 5:10 PM

RELATED QUESTIONS

Answer Wiki:

It sounds like you need to put the NIC in Promiscuous mode this allow the card to pass all packets it receives. Check with the NIC manufacturers to find out how to do this. This reference also has other programs that might be able to do this for you. Good Luck! -Flame ================ Wireshark by default will place the NIC into promiscuous mode if the application is running with administrative privileges. Depends on what you are trying to capture also. You can "hub out" with a hub between the host of interest and the network. This will allow you to capture all data between the host and the network and also any broadcast or multicast traffic. See my blogs on Network Taps for some more information about how to setup for this activity. You may also configure a switchport in SPAN mode so all traffic is mirrored to another port for analysis.

Researching Network TAPs - an end to network blindness?

Researching Network TAPs - an end to network blindness? (part 2)

Researching Network TAPs - an end to network blindness? (part 3)

Researching Network TAPs - Strike 1 (part 4)

Researching Network TAPs - Implementation Day (part 5)

Feel free to contact me for more information.

It sounds like you need to put the NIC in <a href="http://en.wikipedia.org/wiki/Promiscuous_mode">Promiscuous mode</a> this allow the card to pass all packets it receives. Check with the NIC manufacturers to find out how to do this.  This reference also has other programs that might be able to do this for you.
Good Luck!
-Flame
================
Wireshark by default will place the NIC into promiscuous mode if the application is running with administrative privileges. Depends on what you are trying to capture also. You can "hub out" with a hub between the host of interest and the network. This will allow you to capture all data between the host and the network and also any broadcast or multicast traffic. See my blogs on Network Taps for some more information about how to setup for this activity. You may also configure a switchport in SPAN mode so all traffic is mirrored to another port for analysis.
<ul>
	<li><a href="http://itknowledgeexchange.techtarget.com/it-trenches/hello-world/">Researching Network TAPs - an end to network blindness? </a></li>
</ul>
<ul>
	<li>
<a href="http://itknowledgeexchange.techtarget.com/it-trenches/researching-network-taps-an-end-to-network-blindness-part-2/">Researching Network TAPs - an end to network blindness? (part 2)</a></li>
</ul>
<ul>
	<li>
<a href="http://itknowledgeexchange.techtarget.com/it-trenches/researching-network-taps-an-end-to-network-blindness-part-3/">Researching Network TAPs - an end to network blindness? (part 3)</a></li>
</ul>
<ul>
	<li>
<a href="http://itknowledgeexchange.techtarget.com/it-trenches/researching-network-taps-strike-1-part-4/">Researching Network TAPs - Strike 1 (part 4)</a></li>
</ul>
<ul>
	<li>
<a href="http://itknowledgeexchange.techtarget.com/it-trenches/researching-network-taps-implementation-day-part-5/">Researching Network TAPs - Implementation Day (part 5)</a></li>
</ul>
Feel free to contact me for more information.

Last Wiki Answer Submitted: June 6, 2013 3:52 pm by Michael Tidmarsh

14,000 pts.

All Answer Wiki Contributors: Michael Tidmarsh

14,000 pts. , Flame

14,895 pts.

To see all answers submitted to the Answer Wiki: View Answer History.

RSS - Discussions Help

Discuss This Question:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

POSTED: Dec 12, 2008 5:10 PM (GMT)

You’ll need to ensure you’re network analyzer is using the right network adapter in promiscuous mode like Labnuke99 mentions. You’ll also need to plug into a monitor/span/mirror port on your switch in order to see everything on the segment. If you don’t have a managed switch, then you could use an Ethernet hub as long as the other host(s) you want to view traffic to/from are also plugged into that hub. As a last resort (I say so because you can crash your switch) you can use Cain & Abel to do ARP poisoning and essentially turn your switch into a hub so you can see everything. You can even use Cain for sniffing as well.

Kevin Beaver

11,040 pts.

Ask a Question

Browse IT Answers by Topic

>>VIEW ALL TAGS

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2013, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags