4

I have 2 network devices that talk to each other over Ethernet. I would like to sniff the traffic using Wireshark. But the devices are going through a switch. The switch routes the traffic to only the ports that need the data.

At another location I have a hub. All the traffic is repeated across all the ports.

Is there a way to tell the switch to send the traffic down my port also?

EDIT: This is an unmanaged switch.

Robert Deml
  • 12,390
  • 20
  • 65
  • 92
  • I assume that this is being closed as not-programming related, but as I have run into this exact problem many times as a programmer, I vote to keep it open. Monitoring network traffic is just another layer of debugging IMHO. – Rob Prouse Jan 12 '09 at 20:37
  • Agreed - this is related to programming any network app – Jon B Jan 12 '09 at 22:26
  • Is there any custom programmable switch available in the market? – Dawn T Cherian Nov 28 '18 at 05:33

5 Answers5

3

You might want to look into ARP spoofing. http://en.wikipedia.org/wiki/ARP_poisoning

Jared
  • 39,513
  • 29
  • 110
  • 145
  • I was just going to submit this. This is probably your only alternative if you don't have access to the management port or can swap in a new router. Be warned that most would consider this hacking/cracking and might not look too kindly on it. – Ed Griebel Jan 12 '09 at 21:03
  • It's not really ethical but, grab the ARP table off the router using SNMP and spoof requests for all of the hosts on the network to update their arp tables to make your computer. Then setup IP forwarding to pass everything going into your computer to the router and sniff to your heart's content. Like I said, this is considered black hat magic. – Evan Plaice Nov 11 '10 at 01:04
1

Since this is an unmanaged switch, the only way that I can think of is to temporarily put a hub between the switch and one of the devices you want to monitor, then plug a laptop into that hub to do the monitoring. The laptop should now see all traffic between the device and the switch.

This is pretty easy since you can do it at the location of one of the devices. You just need a hub, two more lengths of CAT cable and the computer you are using to monitor with.

Rob Prouse
  • 22,161
  • 4
  • 69
  • 89
0

If the switch is a managed switch, it likely has a mode to act like a hub. Just be careful not to leave it like that.

Some will also have ways to mirror ports and such as well. You need to find out what kind of switch it is.

RE Edit: If it is unmanaged, then you are boned. Use a hub, a managed switch or run wireshark on the computer(s) affected.

GEOCHET
  • 21,119
  • 15
  • 74
  • 98
0

The switch may have a management interface that lets you do that. Be warned that if you do, you'll wreck performance on the switch since everything attached to it will now have to deal with collisions.

RussellH
  • 1,239
  • 1
  • 9
  • 13
0

You could try a port redirector, like this one. You would configure one device to talk to your computer instead of the other device, and the redirector will send the data to the real target. There are several programs like this out there, or you could write your own.

Jon B
  • 51,025
  • 31
  • 133
  • 161