[Dshield] Network Sniffer

Niel van Niekerk niel at vanniekerk.net
Tue Sep 9 18:28:25 GMT 2003

Hi Kane,

Firstly, are you on a switched network port?

If yes then that is exactly  what you will see by default. There are 
ways to sniff more traffic on a swtched network, but it involves extra 
steps e.g. Switch configuration to mirror traffic to your port 
(available on higher end switches), or google for "ARP cache poisoning", 
"man in the middle" otherwise there are a few other ways of confusing 
switches as well. **NOTE: Only use these methods on your own network or 
one where you have permission to do so!**

If no then look at the capturing options in ethereal, they can be a bit 
confusing at first, but once you figure them out they are quite cool. 
(unfortunately I don't have ethereal in front of me right now so I can't 
give you specific instructions.)


Kane Wong wrote:
> If using Ethereal, how can I capture the packets from other workstation,
> because I found that once I start the packet capturing, it only captures the
> packets from and to my workstation only.  If your guys know it, please let me
> know.
> Thanks!

More information about the list mailing list