0

Implemented the RAW socket in my code for sniffing the data in the network. It was able to receive the data. But only receives the data that is coming for the same machine. But while checking the same in wireshark, there is so much of data. It seems in my application not receiving all the data that I needed.

Is there any configuration change needs to be done in the socket flags?

Here is the scenario:

  • My machine is A
  • Another machine B
  • Server machine C

I just want to see the communication between B and C

Julien Marrec
  • 11,605
  • 4
  • 46
  • 63
bala krishnan
  • 1
  • 1
    For a better chance to get an answer to your question, share your attempt at fixing the problem first, and use more specific tags on your question (e.g. programming language used). – Steeve Dec 09 '16 at 12:33
  • This sounds reasonable, in a switched ethernet network, packets normally only travel between the network ports that needs to communicate. Your machine does not receive all traffic - while that used to be the case 20 years ago when only ethernet hubs were in use, it's no longer the case with ethernet switches. If you want to sniff everyting going in/out of an ethernet switch/router, you need to configure it to copy all traffic out to a specific ethernet port and sniff on that port. This feature of the ethernet switch is often called mirror or span port. – nos Dec 13 '16 at 07:19
  • @nos - You seem to have missed this: _But while checking the same in wireshark, there is so much of data._ – Armali Jun 29 '18 at 08:02
  • Possible duplicate of [Packet socket in promiscuous mode only receiving local traffic](https://stackoverflow.com/questions/1325378/packet-socket-in-promiscuous-mode-only-receiving-local-traffic) – Armali Jun 29 '18 at 08:03

0 Answers0