Need help with packet sniffing

1545 pts.
Tags:
packet analysis
Packet Sniffing
Sniffer software
Sniffers
I am doing a sniffer project but I have one problem. This program only receives our host-related packets. I need to know how to receive all packets in the transmission medium. Can anyone help?

Answer Wiki

Thanks. We'll let you know when a new response is added.

It sounds like you need to put the NIC in Promiscuous mode this allow the card to pass all packets it receives. Check with the NIC manufacturers to find out how to do this. This reference also has other programs that might be able to do this for you.
Good Luck!
-Flame
================
Wireshark by default will place the NIC into promiscuous mode if the application is running with administrative privileges. Depends on what you are trying to capture also. You can “hub out” with a hub between the host of interest and the network. This will allow you to capture all data between the host and the network and also any broadcast or multicast traffic. See my blogs on Network Taps for some more information about how to setup for this activity. You may also configure a switchport in SPAN mode so all traffic is mirrored to another port for analysis.

Feel free to contact me for more information.

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Kevin Beaver
    You'll need to ensure you're network analyzer is using the right network adapter in promiscuous mode like Labnuke99 mentions. You'll also need to plug into a monitor/span/mirror port on your switch in order to see everything on the segment. If you don't have a managed switch, then you could use an Ethernet hub as long as the other host(s) you want to view traffic to/from are also plugged into that hub. As a last resort (I say so because you can crash your switch) you can use Cain & Abel to do ARP poisoning and essentially turn your switch into a hub so you can see everything. You can even use Cain for sniffing as well.
    17,385 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following