Ethereal - TCP-IP

This is a discussion on Ethereal - TCP-IP ; Hi, I would like to sniff packet for a TCP/IP device (not a PC) in my network. This device "talk" with another device ans I would like to see the traffic between this two device. I scan all the traffic ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: Ethereal

  1. Ethereal

    Hi,

    I would like to sniff packet for a TCP/IP device (not a PC) in my
    network. This device "talk" with another device ans I would like to
    see the traffic between this two device.
    I scan all the traffic with Ethereal, but I see just the traffic that I
    receive (the PC with Ethereal) and the brodcast.

    Someone know what is my problem?

    Thanks.


  2. Re: Ethereal

    Mtn_bikers ha escrito:

    > Hi,
    >
    > I would like to sniff packet for a TCP/IP device (not a PC) in my
    > network. This device "talk" with another device ans I would like to
    > see the traffic between this two device.
    > I scan all the traffic with Ethereal, but I see just the traffic that I
    > receive (the PC with Ethereal) and the brodcast.
    >
    > Someone know what is my problem?
    >
    > Thanks.


    How are all those devices connected??? I guess they are using a
    switch...that would explain
    what you are seeing. If that is the case, try using span ports.

    Lokke.


  3. Re: Ethereal

    Mtn_bikers wrote:
    > I would like to sniff packet for a TCP/IP device (not a PC) in my
    > network. This device "talk" with another device ans I would like to
    > see the traffic between this two device. I scan all the traffic
    > with Ethereal, but I see just the traffic that I receive (the PC
    > with Ethereal) and the brodcast.


    Assuming your systems are all connected via a switch or switches...

    Switches perform "traffic isolation." The switch will "learn" on which
    port it sees a given MAC (ethernet) address as a source and will then
    send traffic destined to that MAC only to that port. Nodes on other
    ports will not see the traffic even if their interfaces are in
    promiscuous mode.

    You either need to connect the system of interest and the sniffing
    system with a _hub_ (not a switch, not a bogusly named "switching
    hub") that you then connect to the switch port of the system of
    interest.

    Otherwise, if you have a sufficiently capable switch, you can
    designate a port to be a "monitor port" or somesuch name (varies by
    switch) and that traffic to/from another port should be
    mirrored/monitored onto that port.

    rick jones
    --
    a wide gulf separates "what if" from "if only"
    these opinions are mine, all mine; HP might not want them anyway...
    feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

  4. Re: Ethereal

    From: "Mtn_bikers"

    | Hi,
    |
    | I would like to sniff packet for a TCP/IP device (not a PC) in my
    | network. This device "talk" with another device ans I would like to
    | see the traffic between this two device.
    | I scan all the traffic with Ethereal, but I see just the traffic that I
    | receive (the PC with Ethereal) and the brodcast.
    |
    | Someone know what is my problem?
    |
    | Thanks.

    The PC with Ethereal needs to be on a hub, not an Ethwernet Switch, and needs a promiscuous
    NIC and drivers on the same network as the TCP/IP device/appliance.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm



  5. Re: Ethereal


    The PC with ethereal is on the same "HUB" of my first device. If I
    telnet the device from this PC I saw the packet but if the device talk
    to another device, I don't see anything.


  6. Re: Ethereal

    From: "Mtn_bikers"

    |
    | The PC with ethereal is on the same "HUB" of my first device. If I
    | telnet the device from this PC I saw the packet but if the device talk
    | to another device, I don't see anything.

    You need to have a promiscuous LAN adapter on the Ethereal based platform.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm



  7. Re: Ethereal

    Mtn_bikers wrote:
    > The PC with ethereal is on the same "HUB" of my first device. If I
    > telnet the device from this PC I saw the packet but if the device talk
    > to another device, I don't see anything.


    Since you put "HUB" in quotes, is it at all possible that it is really
    a switch? I'm not sure it is conclusive, but if you can get
    full-duplex, I believe that means it is a switch and not a hub and so
    the previous post(s) about switches and traffic isolation would apply.

    Assuming of course that ethereal is indeed putting the interface into
    promiscuous mode.

    rick jones
    --
    Wisdom Teeth are impacted, people are affected by the effects of events.
    these opinions are mine, all mine; HP might not want them anyway...
    feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

+ Reply to Thread