CODEWITHSUNDEEP
wiresharktcpdump
random_numbers
random_numbers

Reputation: 33

tcpdump / wireshark capturing problems

just started with wireshark and tcpdump, they both work fine if I capture traffic on my IP but doesn`t capture anything on other sources (other IP on my network)

my setup : 1 pc running windows 8(ip 192.168.0.2), 1 laptop running ubuntu(192.168.0.3).

Both connected to a cheap unmanaged 5 port switch , that is connected to my router.

Both wired, even tried with the laptop on wireless mode.

if I run tcpdump on my laptop with filters: host 192.168.0.2(computer IP add) it does not capture anything!

Same if I run wireshark on my computer but use filters such as dest 192.168.0.3 (laptops IP)

Tried tcpdump with net 192.168.0.0/24 (should be capturing traffic from my whole network)... same result , captures only traffic that is destined to my IP (laptop from witch I am runing the command)

Tried setting to Promiscuous ON , on both the laptop and pc , same result.

Any ideea why I am not being able to capture anything from other IP addresses?

Upvotes: 0

Views: 603

Answers (1)

Christopher Maynard
Christopher Maynard

Reputation: 6264

"Both connected to a cheap unmanaged 5 port switch"

As you've already discovered, your current capture setup won't work. From the Wireshark CaptureSetup/Ethernet wiki page:

In addition, if you are on a switched Ethernet, rather than a shared Ethernet, you will also have to take action to ensure that all traffic in which you're interested is sent to the Ethernet adapter on the machine running the packet capture program; that is not, by default, the case on switched networks, so attempts to capture on a switched network will, by default, see only traffic that the capturing machine would see when not in promiscuous mode.

Refer to that same page for a number of solutions, including using a TAP, a managed switch, or even a hub (if you can even find one and have no other choice), just to name a few.

In addition to the Wireshark wiki page, I'd also highly recommend reading the very talented Jasper Bongertz's 6-part Network Capture Playbook series:

  1. The Network Capture Playbook Part 1 – Ethernet Basics
  2. The Network Capture Playbook Part 2 – Speed, Duplex and Drops
  3. The Network Capture Playbook Part 3 – Network cards
  4. The Network Capture Playbook Part 4 – SPAN Port In-Depth
  5. The Network Capture Playbook Part 5 – Network TAP Basics
  6. The Network Capture Playbook Part 6 – Planning Network Troubleshooting

Upvotes: 1

Related Questions