How to snif packets of another pc in my network??

How to snif packets of another pc in my network??
rodstevensAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Steve JenningsIT ManagerCommented:
1) If the PC you want to sniff is plugged into a hub (likely, it is not) then simply plug your PC running wireshark into the same hub and capture the data.

2) If the PC you want to sniff is plugged into a switch, AND the switch has port mirroring capability you can mirror all of the traffic onto another port and plug your PC into the port you've sent the mirrored traffic into and capture the data.

3) If the switch doesn't have port mirroring capability AND you have a hub, you can cable the PC you want to sniff into the hub, then cable the hub into the switch . . . then plug your PC into the hub and capture data.

4) If you can't do 1, 2, or 3 you will need to download Cain and Able (or a similar product) that allows you to do ARP cache poisoning. This will essentially allow you to be a surreptitious man-in-the-middle.

That said, no offense, but if you can't pull off 1, 2 or 3 you will probably have trouble with the ARP cache poisoning solution. It's a non-trivial task to set up properly and Cain and Able isn't a very user friendly product if you are not more or less network savvy.

Good luck,
SteveJ
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Kamran ArshadIT AssociateCommented:
Hi,

Nicely mentioned in the above comment. Tell the exact model of your switch. It will help you a lot in checking if it supports port-mirroring. Also you can purchase a hub which can always be useful in such diagnostic purposes. Hub is really very inexpensive these days and you can get one for low price.
0
jahboiteCommented:
Great answer from SteveJ.  I'd just add that if 1, 2 or 3 aren't an option and you feel like attempting 4 then there's some basics of ARP poisoning here:

http://www.irongeek.com/i.php?page=security/arpspoof

and an excellent video tutorial at the same site:

http://www.irongeek.com/i.php?page=videos/using-cain-to-do-a-man-in-the-middle-attack-by-arp-poisoning
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Security

From novice to tech pro — start learning today.