?
Solved

How can I look at all the packets on my unmanaged switch?

Posted on 2010-09-19
6
Medium Priority
?
593 Views
Last Modified: 2012-05-10
I have several wndows computers on an unmanaged switched and I want to run some software on one of those computers that will view all the packets on that switch, not just the ones addressed to the specific monitoring computer.

What's a good free or inexpensive piece of software to look at all switch activity from a single PC?

Thanks.
0
Comment
Question by:gateguard
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 2

Expert Comment

by:TAOSA
ID: 33711025
What you are talking about is a packet sniffer on a switch but several pieces of essential information are lacking.  
1) Is this switch set up to bridge packets?  
    If bridging is turned on then every port sees every packet and can be used to monitor traffic

2) Is there a monitoring port?  
0
 

Author Comment

by:gateguard
ID: 33711048
It's a netgear fs605 unmanaged 5-port switch

i can't do anything about the internals of the switch

0
 
LVL 2

Accepted Solution

by:
TAOSA earned 2000 total points
ID: 33711076
Sorry - Windows key interruption

What you are talking about is a packet sniffer on a switch but several pieces of essential information are lacking.  

1) Is this switch set up to bridge packets?  
    If bridging is turned on then every port sees every packet and can be used to monitor traffic to and from all attached nodes.  

2) Is there a monitoring port on the switch?
    This port 'sees' all packets on the switch and can be used to monitor individual packets on all ports.

3) Have you put your network card in permiscuous mode?  
    Permicsuous mode means the interface will pay attention to all packet traffic - not just those addressed to it.  In non-permiscuous mode, packets not addressed to the interface are dropped/ignored.  

4) Have you consulted your legal department?
    As a CISSP I have to inform you that monitoring the packet traffic of others can have serious legal ramifications.  You could be subject to fines and imprisonment.  Got that out of the way, now I can move on.

If there is no monitoring port, you cannot do this unless all traffic passes through, say, a router or backbone switch.  In that case, you can monitor traffic directly on the router or backbone switch.  In Cisco, I think the command used to be "debug ip packet" and produces an 'alert' for each and every packet.  Can be confusing when you're entering a command line and alerts keep pushing your entry line up the screen.  

Stay legal.    

With your network interface set to promiscuous mode, you need to run a sniffer application.  These can be downloaded as shareware.  Use caution when downloading; always use a reputable service.  Otherwise, you can purchase a sniffer commercially.  

If you are running a Windows domain controller, you have the option to install and run Network Monitor.  Here is a link describing the application.

http://technet.microsoft.com/en-us/library/cc938655.aspx
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:gateguard
ID: 33711088
Thanks, Taosa, very thorough answer.

I own all three computers involved and am just trying to figure out a way to troubleshoot the single weirdest networking problem I have ever seen, so I'm not going to worry about the legal stuff.

But you've pointed me in the right direction with promiscuous mode.  I'm going to try that.

Thanks again for that detailed response.  I really do appreciate it.
0
 

Author Comment

by:gateguard
ID: 33711089
Great.  Thanks.
0
 
LVL 3

Expert Comment

by:csalaski
ID: 33711092
Wireshark is free.  http://www.wireshark.org/  It can capture all traffic on the line even if not addressed to that workstation. You can filter the results to see only what you want to look at.

0

Featured Post

Understanding Web Applications

Without even knowing it, most of us are using web applications on a daily basis. Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We often confuse these web applications tools for websites.  So, what is the difference?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question