How To Capture Http Packets in LAN

Question

Well I m working on Java project.in order to make an application that will capture all packets in my lan , and be able to see HTTP traffics . I m currently using Jnetpcap API , i succeed listing interface and do a live capture and extract HTTP PACKETS . the problem I m having is I only Capture traffic of my own machine . I have already look up about this in google . the only solution I have found so far is to enable promiscuous mode , i did that using ifconfig cmd , unfortunately the problem remains . I don't how to solve that . any solutions ..??

Answer 1

You can only ever capture traffic that is actually passing through the box you are listening on. Promiscuous mode only means that if traffic happens to arrive at your box but is not addressed to it, it would read that traffic. You are only going to get into that situation if you are using a network hub however. On a switched network, only traffic actually intended for your machine ever gets to your machine.

You would need to use a switch that has a SPAN port in order to monitor all the traffic going through that switch, or run your monitoring program on a system that all your network traffic passes through (a machine on the border of your network, for example).

Answer 2

I use winpcap (not Jnetpcap) but I think somethings are constatnt.

Whether you enable promiscuous mode in your OS or not, you must pass the promiscuous mode flag when you open tour network adapter. For example, in winpcap we do like as below code:

pcap_open(d->name, 65536, PCAP_OPENFLAG_PROMISCUOUS /* promiscuous mode */ , 1000, NULL, errbuf) 

For more information please check the official winpcap documentation.

Good luck

Ya Ali.