Why I can't capture any packets within the same LAN in promiscuous mode

Question

I just read about promiscuous mode can be turned on of a internet interface? So I made a small test environment, I opened 3 droplet server on digitalocean, with private networking on. so I end up with 3 server within the 10.130.x.x local network.

server1: 10.130.247.92

server2: 10.130.237.218

server3: 10.130.237.219

in server1, I'm using tshark to capture packets from eth1(private network interface) by

tshark -i eth1

And in server2, I constantly ping server1

ping 10.130.247.92

now server1 capture all the ICMP packets from server2, in the meantime, I turn on promiscuous mode of eth1 in server3

ifconfig  eth1 promisc

and start to capture eth1, but I couldn't capture the ICMP packet to server1.

Why is that? I'm guessing in the network is switch based, instead of hub based, so server3 can't capture packets from server2 to sever1, even they are all in the same local network and promiscuous mode is on

Answer 1

Your guess that switch is the culprit is correct. Promiscuous mode means that Ethernet controller would accept packets with any destination MAC address. It does not guarantee that such packet will be sent to that controller.

Even though those hosts are on the same subnet, these days the hosts on that subnet are likely to be connected to an ethernet switch. The switch monitors incoming packets from all ports and learns behind which port it's seen particular MAC addresses. So, if box A is connected to port 0, box B, to port 1 and box C to port 2, and assuming that each host already sent at least one packet so the switch knows who's where, if A sends a packet to B, the switch will send the packet only to port 1. If you've enabled promiscuous mode on C, you will not see the packet sent from A to B.

Here's somewhat more detailed explanation how MAC learning works.