Re: About promiscuous mode

[Guy Harris <guy () alum mit edu>]

Max Laier wrote:

> [this is not necessarily the right mailinglist for this question, but ...]

Well, Wireshark has separate wireshark-dev and wireshark-users lists, 
but tcpdump-workers is really the union of "tcpdump-users", 
"tcpdump-dev", "libpcap-users" ("users" in the sense of people writing 
libpcap-based applications), and "libpcap-dev" ("dev" in the sense of 
people fixing or extending libpcap), so it's probably as good a list as any.

> In a switched LAN you will only see broadcasts and packets destined to the 
> address(es) that are advertised behind your switch port.  The sollution 
> is:
>  a) use the "monitor" port on your switch
>  b) use a hub rather than a switch
>  c) overflow the forwarding table of your switch to turn it into a hub

See

        http://wiki.wireshark.org/CaptureSetup/Ethernet

for more information on capturing on a switched Ethernet.

That page refers to

        http://wiki.wireshark.org/SwitchReference

which has pages for various switch vendors with instructions, or 
pointers to vendor manuals with instructions, on using monitor 
ports/mirrored ports/whatever the vendor calls them.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.