Solved

How can I look at all the packets on my unmanaged switch?

Posted on 2010-09-19
6
519 Views
Last Modified: 2012-05-10
I have several wndows computers on an unmanaged switched and I want to run some software on one of those computers that will view all the packets on that switch, not just the ones addressed to the specific monitoring computer.

What's a good free or inexpensive piece of software to look at all switch activity from a single PC?

Thanks.
0
Comment
Question by:gateguard
  • 3
  • 2
6 Comments
 
LVL 2

Expert Comment

by:TAOSA
ID: 33711025
What you are talking about is a packet sniffer on a switch but several pieces of essential information are lacking.  
1) Is this switch set up to bridge packets?  
    If bridging is turned on then every port sees every packet and can be used to monitor traffic

2) Is there a monitoring port?  
0
 

Author Comment

by:gateguard
ID: 33711048
It's a netgear fs605 unmanaged 5-port switch

i can't do anything about the internals of the switch

0
 
LVL 2

Accepted Solution

by:
TAOSA earned 500 total points
ID: 33711076
Sorry - Windows key interruption

What you are talking about is a packet sniffer on a switch but several pieces of essential information are lacking.  

1) Is this switch set up to bridge packets?  
    If bridging is turned on then every port sees every packet and can be used to monitor traffic to and from all attached nodes.  

2) Is there a monitoring port on the switch?
    This port 'sees' all packets on the switch and can be used to monitor individual packets on all ports.

3) Have you put your network card in permiscuous mode?  
    Permicsuous mode means the interface will pay attention to all packet traffic - not just those addressed to it.  In non-permiscuous mode, packets not addressed to the interface are dropped/ignored.  

4) Have you consulted your legal department?
    As a CISSP I have to inform you that monitoring the packet traffic of others can have serious legal ramifications.  You could be subject to fines and imprisonment.  Got that out of the way, now I can move on.

If there is no monitoring port, you cannot do this unless all traffic passes through, say, a router or backbone switch.  In that case, you can monitor traffic directly on the router or backbone switch.  In Cisco, I think the command used to be "debug ip packet" and produces an 'alert' for each and every packet.  Can be confusing when you're entering a command line and alerts keep pushing your entry line up the screen.  

Stay legal.    

With your network interface set to promiscuous mode, you need to run a sniffer application.  These can be downloaded as shareware.  Use caution when downloading; always use a reputable service.  Otherwise, you can purchase a sniffer commercially.  

If you are running a Windows domain controller, you have the option to install and run Network Monitor.  Here is a link describing the application.

http://technet.microsoft.com/en-us/library/cc938655.aspx
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:gateguard
ID: 33711088
Thanks, Taosa, very thorough answer.

I own all three computers involved and am just trying to figure out a way to troubleshoot the single weirdest networking problem I have ever seen, so I'm not going to worry about the legal stuff.

But you've pointed me in the right direction with promiscuous mode.  I'm going to try that.

Thanks again for that detailed response.  I really do appreciate it.
0
 

Author Comment

by:gateguard
ID: 33711089
Great.  Thanks.
0
 
LVL 3

Expert Comment

by:csalaski
ID: 33711092
Wireshark is free.  http://www.wireshark.org/  It can capture all traffic on the line even if not addressed to that workstation. You can filter the results to see only what you want to look at.

0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now