Solved

How can I look at all the packets on my unmanaged switch?

Posted on 2010-09-19
6
508 Views
Last Modified: 2012-05-10
I have several wndows computers on an unmanaged switched and I want to run some software on one of those computers that will view all the packets on that switch, not just the ones addressed to the specific monitoring computer.

What's a good free or inexpensive piece of software to look at all switch activity from a single PC?

Thanks.
0
Comment
Question by:gateguard
  • 3
  • 2
6 Comments
 
LVL 2

Expert Comment

by:TAOSA
ID: 33711025
What you are talking about is a packet sniffer on a switch but several pieces of essential information are lacking.  
1) Is this switch set up to bridge packets?  
    If bridging is turned on then every port sees every packet and can be used to monitor traffic

2) Is there a monitoring port?  
0
 

Author Comment

by:gateguard
ID: 33711048
It's a netgear fs605 unmanaged 5-port switch

i can't do anything about the internals of the switch

0
 
LVL 2

Accepted Solution

by:
TAOSA earned 500 total points
ID: 33711076
Sorry - Windows key interruption

What you are talking about is a packet sniffer on a switch but several pieces of essential information are lacking.  

1) Is this switch set up to bridge packets?  
    If bridging is turned on then every port sees every packet and can be used to monitor traffic to and from all attached nodes.  

2) Is there a monitoring port on the switch?
    This port 'sees' all packets on the switch and can be used to monitor individual packets on all ports.

3) Have you put your network card in permiscuous mode?  
    Permicsuous mode means the interface will pay attention to all packet traffic - not just those addressed to it.  In non-permiscuous mode, packets not addressed to the interface are dropped/ignored.  

4) Have you consulted your legal department?
    As a CISSP I have to inform you that monitoring the packet traffic of others can have serious legal ramifications.  You could be subject to fines and imprisonment.  Got that out of the way, now I can move on.

If there is no monitoring port, you cannot do this unless all traffic passes through, say, a router or backbone switch.  In that case, you can monitor traffic directly on the router or backbone switch.  In Cisco, I think the command used to be "debug ip packet" and produces an 'alert' for each and every packet.  Can be confusing when you're entering a command line and alerts keep pushing your entry line up the screen.  

Stay legal.    

With your network interface set to promiscuous mode, you need to run a sniffer application.  These can be downloaded as shareware.  Use caution when downloading; always use a reputable service.  Otherwise, you can purchase a sniffer commercially.  

If you are running a Windows domain controller, you have the option to install and run Network Monitor.  Here is a link describing the application.

http://technet.microsoft.com/en-us/library/cc938655.aspx
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:gateguard
ID: 33711088
Thanks, Taosa, very thorough answer.

I own all three computers involved and am just trying to figure out a way to troubleshoot the single weirdest networking problem I have ever seen, so I'm not going to worry about the legal stuff.

But you've pointed me in the right direction with promiscuous mode.  I'm going to try that.

Thanks again for that detailed response.  I really do appreciate it.
0
 

Author Comment

by:gateguard
ID: 33711089
Great.  Thanks.
0
 
LVL 3

Expert Comment

by:csalaski
ID: 33711092
Wireshark is free.  http://www.wireshark.org/  It can capture all traffic on the line even if not addressed to that workstation. You can filter the results to see only what you want to look at.

0

Featured Post

Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Losing network connectivity 8 73
Windows 7 Share with XP 22 132
Getting locked out and can't access Cisco via the web 18 35
Tools to detect weak WiFi routers prior connecting to it 14 103
#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now