why tcpdump can not see the traffic of otherbox in subnet? - Unix


  1. why tcpdump can not see the traffic of otherbox in subnet?

    I have three boxes here:
    box1, box2, box3; they are in the same subnet.
    I start up tcpdump on box1, and telnet from box2 to box3.
    I believe tcpdump should see the telnet traffic from box2 to box3. The
    reason is that IP packages are broadcast in the subnet.

    But tcpdump only shows the packages going into or out of itself ( box1 ).
    I have checked that when tcpdump is running, the NIC is working in
    promiscuous mode.
    Do you know why it cannot see the other boxes' packages?


  2. Re: why tcpdump can not see the traffic of otherbox in subnet?

    niebuyang@gmail.com writes:
    >I have three boxes here:
    >box1, box2, box3; they are in the same subnet.
    >I start up tcpdump on box1, and telnet from box2 to box3.
    >I believe tcpdump should see the telnet traffic from box2 to box3. The
    >reason is that IP packages are broadcast in the subnet.


    >But tcpdump only shows the packages going into or out of itself ( box1 ).
    >I have checked that when tcpdump is running, the NIC is working in
    >promiscuous mode.
    >Do you know why it cannot see the other boxes' packages?


    How are they connected? With a hub or a switch? Switches by definition
    only present traffic destined for the machine down the wires that
    connect up to that machine. You can get broadcast traffic, or blips of
    traffic before the switch learns which MAC addresses exist on which
    port, but not generally any traffic not destined for that machine.

    Hubs just repeat all traffic down all ports, but Ethernet hubs are
    very rare in use nowadays.

    Typically, to sniff traffic between box2 and box3 you need to have
    box1 on a port-span port of the switch. Most managed switches will let
    you set up port-span or port-mirrored ports. Evil ways can also flood
    out the CAM table of the switch, but you'll have to keep doing it.
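
The behaviour described in the reply above can be checked from a capture by sorting frames on their destination MAC. The following is an added example, not part of the original thread: it classifies raw Ethernet frames relative to the capturing NIC and reports whether the capture looks like an ordinary switch port or a shared/mirrored one. The MAC addresses, sample frames, function names and the `flood_ratio` cut-off are constructed assumptions.

```python
from collections import Counter

BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def classify(frame: bytes, own_mac: str) -> str:
    """Classify one raw Ethernet frame relative to the capturing NIC."""
    if len(frame) < 14:                      # dst(6) + src(6) + ethertype(2)
        return "truncated"
    dst, src = mac_str(frame[0:6]), mac_str(frame[6:12])
    if own_mac.lower() in (dst, src):
        return "own"
    if dst == BROADCAST:
        return "broadcast"
    if frame[0] & 0x01:                      # I/G bit set: group address
        return "multicast"
    return "foreign-unicast"                 # unicast between two other hosts

def assess(frames, own_mac, flood_ratio=0.05):
    """Summarise a capture. flood_ratio is an assumed cut-off; tune per network."""
    counts = Counter(classify(f, own_mac) for f in frames)
    valid = sum(counts.values()) - counts["truncated"]
    foreign = counts["foreign-unicast"]
    if foreign == 0:
        verdict = "switched"                 # only own, broadcast, multicast seen
    elif foreign / valid <= flood_ratio:
        verdict = "switched-with-flooding"   # blips before the switch learns MACs
    else:
        verdict = "shared-or-mirrored"       # hub, or span/mirror port
    return counts, verdict

def make_frame(dst: str, src: str, ethertype: int = 0x0800) -> bytes:
    """Build a constructed frame header plus dummy payload for the demo."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return raw(dst) + raw(src) + ethertype.to_bytes(2, "big") + b"\x00" * 46

# Constructed sample data: locally administered MACs standing in for box1..box3.
BOX1, BOX2, BOX3 = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
ON_SWITCH = [make_frame(BOX1, BOX2), make_frame(BROADCAST, BOX2, 0x0806),
             make_frame("01:00:5e:00:00:fb", BOX3)]
ON_MIRROR = ON_SWITCH + [make_frame(BOX3, BOX2), make_frame(BOX2, BOX3)] * 10

if __name__ == "__main__":
    for name, cap in (("switch port", ON_SWITCH), ("mirror port", ON_MIRROR)):
        print(name, *assess(cap, BOX1))
```

A sustained high share of foreign unicast on a port that is not configured as a span port is also worth investigating from the switch side, since it means the switch is not confining traffic to the learned ports.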


  3. Re: why tcpdump can not see the traffic of otherbox in subnet?

    Thanks! Got it..

