Can we sniff packets between 2 machines in a network from a third machine using Wireshark or Ethereal?

StackOverflow https://stackoverflow.com/questions/830014

  •  06-07-2019

Question

I have a small network in which there are 2 electronic devices and one desktop connected using a switch. Through the desktop with Ethereal/Wireshark installed on it, can I sniff the packets that are being communicated between the 2 electronic devices?

I cannot install Ethereal or Wireshark on either of the electronic devices, but need to monitor the traffic between the 2 devices from my desktop, which is connected via the same switch.


Solution

You will have to use Cain & Abel or some such. In other words, you need to use ARP poisoning. Dunno if it is illegal. But it should be.

OTHER TIPS

Change the switch to a good old-fashioned hub, then just sniff the traffic as normal. Of course, that might not be possible for you either, but I thought I'd at least point it out.

Yes, if your switch supports a mirror option that allows you to duplicate all packets to a specified port on the switch, on which your computer will sniff packets. Otherwise I think it's not possible.

If you have a computer with two Ethernet ports, configure it as a bridge, connect the two devices and sniff with Wireshark to your heart's content.

Normally, to sniff packets through a switch you need to do an ARP-poisoning attack (so the switch replicates all packets on your sniffing interface). There are tools for such an ARP-poisoning attack (Cain & Abel is a great example).

There are two ways to do this:

  1. Connect your sniffer with Wireshark and the two devices to a hub (if you can still find one of those...)
  2. Use a switch with port mirroring capabilities. You would configure the switch to mirror packets from certain ports to a mirrored port. You connect your Wireshark PC to the mirrored port.

Hub would be the easiest way. Switch with a SPAN port next. However, if you don't have either of those and given that you mentioned that you have a computer with two ports, you could set up bridging between them.

However, it would actually be much easier if you can configure the two electronic devices' IP addresses to set up the desktop as a router. Specifically, if you're running Linux (or can boot a Linux LiveCD with Wireshark on it), you can very easily assign device 1 the IP address 10.0.0.2 with a default gateway of 10.0.0.1 (assuming you can set the devices to use static IPs; if they use DHCP, you'll have to set up a DHCP server on the Linux box and that's getting out of scope). Set up the second device with IP address 10.0.1.2 with default gateway 10.0.1.1. Set up the Linux box so that interface 1 (eth0) has IP 10.0.0.1 and interface 2 (eth1) has IP 10.0.1.1. Plug all 4 interfaces into the switch (you could also directly connect the devices to each port, but depending on how old the devices are, they might require crossover cables).

Last step is to enable routing; on the Linux box as root, do

    echo 1 > /proc/sys/net/ipv4/ip_forward

and now the two devices will need to go through the Linux router so you can sniff the traffic.
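The routed setup from the answer above as a script, added here as an example and not code from the original post. The addresses and the eth0/eth1 names are the answer's; the /24 prefix, the DRY_RUN switch and the function names are assumptions. It also checks the one condition the setup depends on: the two devices must be in different subnets, otherwise they talk directly through the switch and the desktop sees nothing.

```shell
#!/bin/sh
# Added example: routed-capture setup. Interface names, the /24 prefix and
# DRY_RUN are assumptions; the addresses are the ones used in the answer.
IF1=${IF1:-eth0}; GW1=10.0.0.1; DEV1=10.0.0.2
IF2=${IF2:-eth1}; GW2=10.0.1.1; DEV2=10.0.1.2
PREFIX=${PREFIX:-24}

ip_to_int() {                      # dotted quad -> 32-bit integer
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

network_of() {                     # network_of IP PREFIX -> network as integer
  mask=$(( (0xFFFFFFFF << (32 - $2)) & 0xFFFFFFFF ))
  echo $(( $(ip_to_int "$1") & mask ))
}

# True only when the devices are in different subnets. If they share one,
# they reach each other directly through the switch and bypass the desktop.
routed_via_desktop() {
  [ "$(network_of "$1" "$3")" -ne "$(network_of "$2" "$3")" ]
}

# Dry run (the default) prints each command instead of executing it.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "+ $*"; else "$@"; fi; }

setup_router() {
  routed_via_desktop "$DEV1" "$DEV2" "$PREFIX" || {
    echo "devices share a /$PREFIX subnet: traffic would bypass the desktop" >&2
    return 1
  }
  run ip addr add "$GW1/$PREFIX" dev "$IF1"
  run ip addr add "$GW2/$PREFIX" dev "$IF2"
  run ip link set "$IF1" up
  run ip link set "$IF2" up
  run sysctl -w net.ipv4.ip_forward=1
  run wireshark -k -i "$IF1" -f "host $DEV1 and host $DEV2"
}

teardown_router() {                # undo: the desktop stops forwarding
  run sysctl -w net.ipv4.ip_forward=0
  run ip addr del "$GW1/$PREFIX" dev "$IF1"
  run ip addr del "$GW2/$PREFIX" dev "$IF2"
}

setup_router                       # prints the plan; DRY_RUN=0 as root applies it
```

Run `teardown_router` when the capture is finished so the desktop does not keep forwarding between the two subnets.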

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow