Ask Your Question
0

Wireshark only shows local computer?

asked 2020-09-22 05:05:04 +0000

killmasta93 gravatar image

Hi,

Currently trying to understand a bit more wireshark but im only seeing traffic on my computer and not the whole LAN on my test lab, as i currently running the wireshark on promiscuous mode, cable direct to the switch. I even bought myself a Dualcomm DCSW-1005PT which connected my PC running Debian on port 5 then the LAN cable on port 1 on the dualcomm to then to the switch

Not sure what i missed?

wireshark running 3.5

https://i.imgur.com/PBQ7AoT.png

https://imgur.com/A22Wg5U.png Thank you

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-09-22 05:48:09 +0000

Jaap gravatar image

What you've missed is studying this page on how switches make networking more efficient, but harder to monitor the complete network at the same time. It also contains some info on how to make traffic available for capture, your Dualcomm is one of the options implementing that for a single link.

edit flag offensive delete link more

Comments

Thank you for the reply, the page really help, so if i understood correctly the TAP that i have can only monitor one or 2 devices connected to the TAP switch and not the whole network. The only way i monitor the network if i port mirror the switch? i did read another way is to use arp poising but as its says only on my test LAN network, so if i wanted to see if there is nothing fishy going on or no flowing http passwords, how could i check without disturbing the network? as i only see the option is the port mirroring?

killmasta93 gravatar imagekillmasta93 ( 2020-09-23 03:41:52 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2020-09-22 05:05:04 +0000

Seen: 349 times

Last updated: Sep 22 '20