Personal computing discussed

Moderators: renee, Steel, notfred

 
lazy_boy
Gerbil
Topic Author
Posts: 47
Joined: Sat Aug 20, 2011 5:38 am

Packet sniffing tool

Sat Apr 05, 2014 12:14 am

Hi Guys

I was wondering if someone can help me out.

Is there a packet sniffing tool like Wireshark that can monitor LAN activity rather than just one PC.

Thanks :D
 
steelcity_ballin
Gerbilus Supremus
Posts: 12072
Joined: Mon May 26, 2003 5:55 am
Location: Pittsburgh PA

Re: Packet sniffing tool

Sat Apr 05, 2014 12:40 am

Your router?
 
BIF
Minister of Gerbil Affairs
Posts: 2458
Joined: Tue May 25, 2004 7:41 pm

Re: Packet sniffing tool

Sat Apr 05, 2014 12:54 am

steelcity_ballin wrote:
Your router?


Are you saying his router is a tool, or are you asking for his router info such as model, etc.?
 
NovusBogus
Graphmaster Gerbil
Posts: 1408
Joined: Sun Jan 06, 2013 12:37 am

Re: Packet sniffing tool

Sat Apr 05, 2014 1:13 am

Perhaps he is requesting to borrow the router so that he can inscribe arcane magicks upon it to divine all IP traffic and not only the Higgs boson, but also the Higgs boson's mate.

(apologies, I'm enjoying some good bubbly tonight and can't pass up a good trolling opportunity)

In any case, your best bet for a wired network is probably going to be using the router since, assuming you use switches instead of a dumb hub/repeater, an endpoint is only ever going to see its own IP traffic. If you've got Cisco its kind of a no brainer, for major consumer models I believe dd-wrt has an IP traffic monitor that would work. If everyone's wireless, security distros like Kali and Matriux have wifi traffic sniffers onboard. They can be booted from a USB stick. Either way you're going to be having a date with Mr. Tux.

If you have a multi-tier LAN with switches it's gonna depend on what, if any, software is available for your switches.
 
lazy_boy
Gerbil
Topic Author
Posts: 47
Joined: Sat Aug 20, 2011 5:38 am

Re: Packet sniffing tool

Sat Apr 05, 2014 2:08 am

My router is not capable of doing something like that (i:e monitoring network traffic), I thought there is some sort of software out there that can monitor network LAN traffic

I'm not interested in buying another router as my current one works fine. Thanks
 
cheesyking
Minister of Gerbil Affairs
Posts: 2756
Joined: Sun Jan 25, 2004 7:52 am
Location: That London (or so I'm told)
Contact:

Re: Packet sniffing tool

Sat Apr 05, 2014 5:20 am

The problem with a software approach to network monitoring is that the hardware makes it impossible. Pretty much all networks these days use switches to connect wired PCs, switches make sure that network packets only go to the PCs they're intended for so your computer with its monitoring software never gets to see the packets being sent between other computers.

Back in the days of network hubs you could do this as a hub just blindly sends every packet it receives out to every machine connected to it but those days are long gone (the last actual hub I saw was 10Mb).

I've never looked into doing this but I suppose some of the fancier managed switches might be able act like hubs
Fernando!
Your mother ate my dog!
 
madlemming
Gerbil XP
Posts: 341
Joined: Fri Oct 15, 2004 2:22 pm

Re: Packet sniffing tool

Sat Apr 05, 2014 6:54 am

Google port mirroring and see if you router/switch supports it. You basically want to tell your network equipment to forward the traffic on every port you want to monitor to a machine running wireshark. I know dd-wrt is able to do this, not sure about others.
 
prb123
Gerbil
Posts: 43
Joined: Wed Apr 25, 2007 10:04 pm

Re: Packet sniffing tool

Sat Apr 05, 2014 7:35 am

 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Packet sniffing tool

Sat Apr 05, 2014 11:12 am

The problem is that with modern Ethernet technologies, anything that isn't specifically tagged as a broadcast packet is sent point-to-point. The packet is only seen by the sender, the receiver, and any routers/switches in between. So unless you can install packet sniffing software on all of the endpoints you want to monitor, or have packet sniffing ability on an intermediate router/switch, you're SOL.

The one other possibility I can think of is if you can find an old 100 Mbit hub (NOT a switch!), you could plug all of the systems you need to monitor, plus the system running Wireshark into that hub. Hubs rebroadcast all received traffic on every port instead of sending it only to the specified destination; when a system is plugged into a hub, it is the NIC's responsibility to discard any traffic that isn't specifically sent to its MAC address (and Wireshark explicitly configures the NIC to disable this filtering mechanism). The biggest downside to this approach (aside from the problem of finding a 100 Mbit Ethernet hub... you'll need to hit eBay) is that you're dropping the network down to 100 Mbit aggregate throughput, shared between all of the systems on the hub. Unless the only thing these systems are doing is surfing the Web and reading e-mail, this is likely to result in an unacceptable degradation of network performance.
Nostalgia isn't what it used to be.
 
UberGerbil
Grand Admiral Gerbil
Posts: 10368
Joined: Thu Jun 19, 2003 3:11 pm

Re: Packet sniffing tool

Sat Apr 05, 2014 1:14 pm

Should probably back up a step and ask why the OP wants to sniff packets on the LAN. Depending on what you're trying to accomplish, it may be possible in some other way.
 
Aphasia
Grand Gerbil Poohbah
Posts: 3710
Joined: Tue Jan 01, 2002 7:00 pm
Location: Solna/Sweden
Contact:

Re: Packet sniffing tool

Sun Apr 06, 2014 9:48 am

Actually, OP needs to put more info about the goals. As in, what are you trying to accomplish, forget everything about how at the moment.

Monitoring lan activity is usually WAY differnt from packet sniffing in the corner of the world called enterprise networking. That sentence alone would to me exclude a packet sniffer until so much later in discussion of what might want to be a achived that it's not even there.

Who is online

Users browsing this forum: No registered users and 1 guest
GZIP: On