-1

I'm using Wireshark in Kali v2017.1 for educational purposes on "device 2". When scanning, it does not show all the traffic. Devices 1 and 2 are using the same LAN and the same switch IP (IP device 1: 192.168.62.65, IP device 2: 192.168.62.120). Wireshark does not show the network traffic of device 1. It only shows a few hosts' network and packet data.

What is going wrong?

Emanuel Graf
Raghav

2 Answers

4

Network switches learn which devices are on which switch interfaces, and they send the traffic directly to the interface where the destination device is connected. They do not send all traffic to all switch interfaces.

Switches maintain MAC address tables. As a frame comes into the switch, the switch will add the source MAC address and the interface where the frame came into the switch to its MAC address table. Then the switch will look at the destination MAC address to see if it is in the MAC address table in order to determine to which interface the frame should be sent. Only when the destination MAC address is not in the MAC address table does the switch flood the frame to all interfaces except the interface on which the frame arrived. Switches very quickly learn which MAC addresses are connected to which interfaces; it only takes one frame from a MAC address to learn to which interface the MAC address is connected.

You will need to set up a mirror interface on the switch to mirror all the traffic from certain interfaces or VLANs to the mirror interface. How you do this depends on the switch model. It requires a managed switch, and you must have administrative access to the switch.

Ron Maupin
  • This question has nothing to do with programming. Please do not answer blatantly off topic questions. It encourages them, and hinders us removing them. – nobody Oct 23 '17 at 12:36
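
The forwarding behaviour described in the answer above, as an added example that is not part of the original answer: a minimal Python model of a learning switch that reports which frames reach the capture port. The MAC addresses, the port layout (device 1 on port 1, the Wireshark host on port 2, a gateway on port 3) and the frame sequence are constructed assumptions.

```python
# Added illustration: a minimal model of a learning switch, not a real implementation.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}          # MAC address -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Process one frame; return the list of ports it is sent out of."""
        self.mac_table[src] = in_port            # learn from the source MAC
        out = self.mac_table.get(dst)
        if dst == BROADCAST or out is None:      # broadcast or unknown unicast: flood
            return [p for p in self.ports if p != in_port]
        if out == in_port:                       # destination sits on the arrival port
            return []
        return [out]                             # known unicast: one port only

def frames_seen_on(port, switch, frames):
    """Return the (src, dst) pairs a capture host on `port` would receive."""
    seen = []
    for in_port, src, dst in frames:
        if port in switch.receive(in_port, src, dst):
            seen.append((src, dst))
    return seen

# Constructed sample: port 1 = device 1, port 2 = device 2 (Wireshark), port 3 = gateway.
DEV1, DEV2, GW = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
FRAMES = [
    (1, DEV1, BROADCAST),  # ARP request from device 1: flooded to ports 2 and 3
    (3, GW, DEV1),         # reply: device 1 was already learned, sent to port 1 only
    (1, DEV1, GW),         # unicast to the learned gateway: sent to port 3 only
    (3, GW, DEV1),
    (1, DEV1, GW),
]

def demo():
    return frames_seen_on(2, LearningSwitch([1, 2, 3]), FRAMES)

if __name__ == "__main__":
    for src, dst in demo():
        print(f"port 2 saw {src} -> {dst}")
```

Only the broadcast reaches port 2; the unicast frames between device 1 and the gateway are never sent there, which is why the answer points to a mirror interface.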
0

On a wireless network, it is quite possible that the wireless access point has "AP Isolation", "Client Isolation Mode" or "Guest Mode" enabled. This mode creates a 'virtual LAN' between each client and the gateway, which is not visible to any other clients.

Gene