[PLUG] Wireshark help

wes plug at the-wes.com
Fri Oct 31 18:04:45 UTC 2008


On Fri, Oct 31, 2008 at 10:57 AM, VY <vyau5678 at gmail.com> wrote:

> Hi:
>
> I have launched Wireshark on my Linux box and am trying to capture and analyze
> network traffic.
> What I want is not to analyze the Linux box to/from network traffic but
> analyze other box(es) on the network and
> their traffic to/from the outside world as well as to/from the linux box.
>
> So far, all I could capture is to/from the Linux host to/from any boxes on
> my network but fail
> to capture any traffic out of other boxes to other hosts.
>
> Does anyone know the right filter rules for doing that?
> A few years ago, I was able to do that with ettercap when Wireshark was
> still known as Ethereal
> but things have been re-arranged and I don't seem to find the docs for
> describing that.
>
> Thanks
>
> --Vincent
>

If your network uses a switch to connect computers together, you won't be
able to see any traffic to/from any boxes other than the one you are running
Wireshark on. A switch only sends traffic to its destination, not to
anywhere else. You will need to either use a hub to connect to the machines
you want to monitor, or configure your switch to set up a monitoring port,
if it supports that.

-wes
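
The behaviour described in the reply above, as an added example that is not part of the original thread: a small model of which frames a capture box records behind a hub, behind a learning switch, and behind a switch with a monitoring port. The host names, port numbers and traffic are constructed, and the model assumes a simplified switch (no broadcasts, no table aging) whose monitoring port copies every frame.

```python
# Constructed topology: four hosts on ports 1-4; Wireshark runs on SNIFFER.
HOSTS = {"A": 1, "B": 2, "GW": 3, "SNIFFER": 4}
SNIFFER_PORT = HOSTS["SNIFFER"]

# Constructed sample traffic as (source, destination) pairs.
FRAMES = [
    ("A", "GW"), ("GW", "A"),            # A <-> outside world via gateway
    ("B", "GW"), ("GW", "B"),            # B <-> outside world via gateway
    ("A", "SNIFFER"), ("SNIFFER", "A"),  # A <-> the capture box itself
    ("B", "A"), ("A", "B"),              # local traffic between A and B
]

def capture(frames, mode, mirror_to=None):
    """Return the frames a capture on the SNIFFER port would record."""
    mac_table = {}  # learned address -> port (used in switch mode only)
    seen = []
    for src, dst in frames:
        in_port = HOSTS[src]
        others = set(HOSTS.values()) - {in_port}
        if mode == "hub":
            out_ports = others                # a hub repeats on every port
        else:
            mac_table[src] = in_port          # learn where the sender lives
            if dst in mac_table:
                out_ports = {mac_table[dst]}  # known destination: one port
            else:
                out_ports = others            # not learned yet: flood
            if mirror_to is not None:
                out_ports = out_ports | {mirror_to}  # monitoring port copy
        if in_port == SNIFFER_PORT or SNIFFER_PORT in out_ports:
            seen.append((src, dst))
    return seen

def third_party(frames):
    """Frames that are neither from nor to the capture box."""
    return [f for f in frames if "SNIFFER" not in f]

if __name__ == "__main__":
    runs = [("hub", ("hub",)), ("switch", ("switch",)),
            ("switch + monitoring port", ("switch", SNIFFER_PORT))]
    for label, args in runs:
        seen = capture(FRAMES, *args)
        print(f"{label}: {len(seen)} captured, "
              f"{len(third_party(seen))} between other hosts")
```

In this model the only third-party frame captured behind the plain switch is the first one, which the switch floods because it has not yet learned the gateway's port.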


