Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


simple - packet sniffer

Posted on 2004-10-30
Medium Priority
Last Modified: 2013-12-04
I have seen a billion questions on EE about packet sniffing, but for some reason I can not find one that fits all of my needs.
need 1: free
need 2 : for windows -> rules out Snort, right?
need 3: snifs packets for my entire network, not just my computer - rules out ethereal.

For some reason, even when i put my network card in permiscuous mode in ethereal, i only see packets going to/from my computer, not the other computers behind the common router. Is there not an easy way to sniff packets when behind a router(as opposed to a hub or switch).

This should be a 2 second answer, I just got frusterated looking around for a sniffer that works. My next attempt will be to install cygwin and then install snort onto that, but I hope I do not have to do that.
Thank you.
Question by:jramrus
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
LVL 71

Expert Comment

by:Chris Dent
ID: 12461483

If you're using Switches, Promiscuous mode won't achieve much (you'll only see broadcasts and traffic bound for that computer).

What type of switches are you working with? Some have the option of allowing you to see all traffic on one port (I think Cisco).

Author Comment

ID: 12465269
I am currently using  Lynxsis router(a division of Cisco). I have danced around the settings for it, but have not seen anything that helped me with this problem.
LVL 71

Accepted Solution

Chris Dent earned 100 total points
ID: 12465602

The Linksys kit isn't as high-spec as the Cisco kit unfortunately.

But it's not really traffic passing to the router you want to watch is it? If it is I recommend getting a cheap hub and adding it between the switches and the router itself - running a computer with a sniffer directly off the hub will see everything that touches the router (everything passing through the hub).

If you set up something like that Ethereal would happily capture all the traffic except internal network only.

If it's just internal you want to watch then it's more difficult, aside from an option on the switch to capture all traffic I can't really think of much to help.
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!


Assisted Solution

riotz earned 100 total points
ID: 12514749
well to sniff the packets for the whole network you have to make the network believe that "you" are the router..
which is the so called "man in the middle" attack..
you should check ettercap.. it has some pretty nice mitm attack.. and a great password sniffer aswell...
i havent checked the sniffer of the new version out yet.. but it seems to capture all the packets going thru the network now..
if that doesnt work and you are realy in need to capture every single packet combine it with ethereal..

hope that helps..

Author Comment

ID: 12516030
I will give it a try. So it should work even though I am behind a router?
Thank you very much.

Expert Comment

ID: 12517231
uhm well when your router is no high tech ueber router it normaly should


Featured Post

Tech or Treat! - Giveaway

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question