Sat Apr 05, 2014 11:12 am
The problem is that with modern Ethernet technologies, anything that isn't specifically tagged as a broadcast packet is sent point-to-point. The packet is only seen by the sender, the receiver, and any routers/switches in between. So unless you can install packet sniffing software on all of the endpoints you want to monitor, or have packet sniffing ability on an intermediate router/switch, you're SOL.
The one other possibility I can think of is if you can find an old 100 Mbit hub (NOT a switch!), you could plug all of the systems you need to monitor, plus the system running Wireshark, into that hub. Hubs rebroadcast all received traffic on every port instead of sending it only to the specified destination; when a system is plugged into a hub, it is the NIC's responsibility to discard any traffic that isn't specifically sent to its MAC address (and Wireshark explicitly configures the NIC to disable this filtering mechanism). The biggest downside to this approach (aside from the problem of finding a 100 Mbit Ethernet hub... you'll need to hit eBay) is that you're dropping the network down to 100 Mbit aggregate throughput, shared between all of the systems on the hub. Unless the only thing these systems are doing is surfing the Web and reading e-mail, this is likely to result in an unacceptable degradation of network performance.
Nostalgia isn't what it used to be.
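The hub-versus-switch behaviour described in the post above, as an added example that is not part of the original post: a small Python simulation of which frames reach a capture host's NIC. The class names, MAC addresses and traffic are constructed for illustration, and the switch is modelled as a simple MAC-learning switch.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Nic:
    def __init__(self, mac, promiscuous=False):
        self.mac, self.promiscuous, self.captured = mac, promiscuous, []

    def receive(self, frame):
        _src, dst, _payload = frame
        # Normal NIC filter: keep only frames for our MAC or broadcast.
        # Promiscuous mode (what Wireshark enables) turns the filter off.
        if self.promiscuous or dst in (self.mac, BROADCAST):
            self.captured.append(frame)

class Hub:
    def __init__(self, nics):
        self.ports = list(nics)

    def out_ports(self, in_port, frame):
        # A hub repeats every frame on every port except the one it came in on.
        return [p for p in range(len(self.ports)) if p != in_port]

    def send(self, in_port, frame):
        for p in self.out_ports(in_port, frame):
            self.ports[p].receive(frame)

class Switch(Hub):
    def __init__(self, nics):
        super().__init__(nics)
        self.table = {}  # learned source MAC -> port

    def out_ports(self, in_port, frame):
        src, dst, _payload = frame
        self.table[src] = in_port
        if dst in self.table:  # known unicast: one port only
            return [self.table[dst]]
        return super().out_ports(in_port, frame)  # broadcast/unknown: flood

def sniffer_view(device_cls, promiscuous=True):
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"  # constructed MACs
    sniffer = Nic("02:00:00:00:00:0c", promiscuous)
    dev = device_cls([Nic(a), Nic(b), sniffer])
    traffic = [(0, (a, BROADCAST, "arp who-has b")), (1, (b, a, "arp reply")),
               (0, (a, b, "http request")), (1, (b, a, "http response"))]
    for in_port, frame in traffic:
        dev.send(in_port, frame)
    return [payload for _s, _d, payload in sniffer.captured]

if __name__ == "__main__":
    print("hub   :", sniffer_view(Hub))
    print("switch:", sniffer_view(Switch))
```

On the hub the capture host sees all four frames; on the switch, or on the hub with promiscuous mode off, it sees only the broadcast.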