netstat question - sniff using hub

David Timms dtimms at iinet.net.au
Tue Nov 13 11:03:51 UTC 2007


Ed Greshko wrote:
> zephod at cfl.rr.com wrote:
> 
>> On to my next problem. Why can't this FC6 box see any http traffic from a
>> Windows Vista box on my local network when it is obviously connecting to
>> various web sites? I'm using Wireshark and yes, I have opened up the
>> firewall. I can see ICMP traffic and other protocols from the Windows box
>> and I can see http traffic from my FC6 box.
> 
> Is your FC6 box acting as a router in your network?  Or, are both the
> Windows box and FC6 connected to a switch?  If the latter, then don't expect
> to see much traffic from the Windows host since a switch prevents that.  You
> will see a small amount of traffic from the Windows box in the form of
> "broadcast" traffic.
You can work around the efficient, learning capability of the switch 
that stops the sniffing by changing the device to a boring old hub, 
which blats each incoming packet out all other ports.

That was my reason for keeping mine around.

Also check that you are starting sniffing in promiscuous mode, the default.

You could also set up a third machine with two network cards and 
configure it as a transparent bridge; with Wireshark installed, you can 
then see all traffic.

DaveT.
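
The difference described in this thread, as an added example that is not part of the original posts: a small simulation of which frames reach a sniffer's port behind a hub versus behind a learning switch. The port numbers, MAC addresses and frame labels are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    """Repeats every incoming frame out of all other ports."""
    def __init__(self, ports):
        self.ports = ports

    def flood(self, in_port):
        return [p for p in range(self.ports) if p != in_port]

    def forward(self, in_port, src, dst):
        return self.flood(in_port)

class Switch(Hub):
    """Learns which port each source MAC lives on and forwards selectively."""
    def __init__(self, ports):
        super().__init__(ports)
        self.mac_table = {}

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port          # learn the sender's port
        out = self.mac_table.get(dst)
        if dst == BROADCAST or out is None:    # broadcast or unknown unicast
            return self.flood(in_port)
        return [] if out == in_port else [out]

def sniffed(device, frames, sniffer_port):
    """Labels of the frames that are delivered to the sniffer's port."""
    return [label for in_port, src, dst, label in frames
            if sniffer_port in device.forward(in_port, src, dst)]

# Constructed topology: port 0 = gateway, port 1 = Vista box, port 2 = FC6 sniffer
GW, VISTA = "02:00:00:00:00:01", "02:00:00:00:00:02"
FRAMES = [
    (1, VISTA, BROADCAST, "ARP who-has gateway"),
    (0, GW, VISTA, "ARP reply"),
    (1, VISTA, GW, "HTTP GET"),
    (0, GW, VISTA, "HTTP 200"),
]

if __name__ == "__main__":
    print("hub:   ", sniffed(Hub(3), FRAMES, 2))
    print("switch:", sniffed(Switch(3), FRAMES, 2))
```

Promiscuous mode only affects what the sniffer's own network card accepts; it cannot capture frames the switch never sends to that port.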



