tcpdump mailing list archives
Re: About promiscuous mode
From: Guy Harris <guy () alum mit edu>
Date: Tue, 03 Jul 2007 09:20:55 -0700
Max Laier wrote:
[this is not necessarily the right mailing list for this question, but ...]
Well, Wireshark has separate wireshark-dev and wireshark-users lists, but tcpdump-workers is really the union of "tcpdump-users", "tcpdump-dev", "libpcap-users" ("users" in the sense of people writing libpcap-based applications), and "libpcap-dev" ("dev" in the sense of people fixing or extending libpcap), so it's probably as good a list as any.
In a switched LAN you will only see broadcasts and packets destined to the address(es) that are advertised behind your switch port. The solution is:
a) use the "monitor" port on your switch
b) use a hub rather than a switch
c) overflow the forwarding table of your switch to turn it into a hub
See http://wiki.wireshark.org/CaptureSetup/Ethernet for more information on capturing on a switched Ethernet. That page refers to http://wiki.wireshark.org/SwitchReference which has pages for various switch vendors with instructions, or pointers to vendor manuals with instructions, on using monitor ports/mirrored ports/whatever the vendor calls them.
- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
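The switched-LAN behaviour quoted in the message above, and the monitor-port option (a), as an added example that is not part of the original thread: a minimal Python model of a learning switch showing which frames reach a capture host even with its interface in promiscuous mode. The MAC addresses, port numbers, traffic and the `mirror_port` field are constructed for illustration and do not correspond to any vendor's configuration.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class LearningSwitch:
    ports: int
    mirror_port: Optional[int] = None   # hypothetical monitor/mirror port
    table: Dict[str, int] = field(default_factory=dict)  # MAC -> port

    def forward(self, in_port: int, src: str, dst: str) -> Set[int]:
        """Return the ports a frame is transmitted on."""
        self.table[src] = in_port                 # learn where src lives
        if dst != BROADCAST and dst in self.table:
            out = {self.table[dst]}               # known unicast: one port
        else:
            out = set(range(1, self.ports + 1))   # broadcast/unknown: flood
        out.discard(in_port)                      # never send back out the ingress port
        if self.mirror_port is not None and self.mirror_port != in_port:
            out.add(self.mirror_port)             # copy everything to the monitor port
        return out

def frames_seen_on(switch: LearningSwitch, port: int, traffic) -> list:
    """Indexes of frames that a promiscuous capture on `port` would record."""
    return [i for i, (in_port, src, dst) in enumerate(traffic)
            if port in switch.forward(in_port, src, dst)]

# Constructed sample: hosts A and B talk to each other; S is the capture host.
A, B, S = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
TRAFFIC = [
    (3, S, BROADCAST),  # 0: S announces itself (switch learns S on port 3)
    (1, A, BROADCAST),  # 1: A broadcasts (e.g. an ARP request)
    (2, B, A),          # 2: B answers A directly
    (1, A, B),          # 3: A -> B unicast
    (2, B, S),          # 4: B -> S unicast
]

def demo():
    plain = frames_seen_on(LearningSwitch(ports=3), 3, TRAFFIC)
    mirrored = frames_seen_on(LearningSwitch(ports=3, mirror_port=3), 3, TRAFFIC)
    return plain, mirrored

if __name__ == "__main__":
    plain, mirrored = demo()
    print("ordinary port sees frames:", plain)
    print("monitor port sees frames: ", mirrored)
```

On an ordinary port the capture host records only the broadcast and the frame addressed to it; the A/B unicast exchange appears only when its port is the monitor port.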