How can I look at all the packets on my unmanaged switch?

I have several wndows computers on an unmanaged switched and I want to run some software on one of those computers that will view all the packets on that switch, not just the ones addressed to the specific monitoring computer.

What's a good free or inexpensive piece of software to look at all switch activity from a single PC?

Thanks.
gateguardAsked:
Who is Participating?
 
TAOSACommented:
Sorry - Windows key interruption

What you are talking about is a packet sniffer on a switch but several pieces of essential information are lacking.  

1) Is this switch set up to bridge packets?  
    If bridging is turned on then every port sees every packet and can be used to monitor traffic to and from all attached nodes.  

2) Is there a monitoring port on the switch?
    This port 'sees' all packets on the switch and can be used to monitor individual packets on all ports.

3) Have you put your network card in permiscuous mode?  
    Permicsuous mode means the interface will pay attention to all packet traffic - not just those addressed to it.  In non-permiscuous mode, packets not addressed to the interface are dropped/ignored.  

4) Have you consulted your legal department?
    As a CISSP I have to inform you that monitoring the packet traffic of others can have serious legal ramifications.  You could be subject to fines and imprisonment.  Got that out of the way, now I can move on.

If there is no monitoring port, you cannot do this unless all traffic passes through, say, a router or backbone switch.  In that case, you can monitor traffic directly on the router or backbone switch.  In Cisco, I think the command used to be "debug ip packet" and produces an 'alert' for each and every packet.  Can be confusing when you're entering a command line and alerts keep pushing your entry line up the screen.  

Stay legal.    

With your network interface set to promiscuous mode, you need to run a sniffer application.  These can be downloaded as shareware.  Use caution when downloading; always use a reputable service.  Otherwise, you can purchase a sniffer commercially.  

If you are running a Windows domain controller, you have the option to install and run Network Monitor.  Here is a link describing the application.

http://technet.microsoft.com/en-us/library/cc938655.aspx
0
 
TAOSACommented:
What you are talking about is a packet sniffer on a switch but several pieces of essential information are lacking.  
1) Is this switch set up to bridge packets?  
    If bridging is turned on then every port sees every packet and can be used to monitor traffic

2) Is there a monitoring port?  
0
 
gateguardAuthor Commented:
It's a netgear fs605 unmanaged 5-port switch

i can't do anything about the internals of the switch

0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
gateguardAuthor Commented:
Thanks, Taosa, very thorough answer.

I own all three computers involved and am just trying to figure out a way to troubleshoot the single weirdest networking problem I have ever seen, so I'm not going to worry about the legal stuff.

But you've pointed me in the right direction with promiscuous mode.  I'm going to try that.

Thanks again for that detailed response.  I really do appreciate it.
0
 
gateguardAuthor Commented:
Great.  Thanks.
0
 
csalaskiCommented:
Wireshark is free.  http://www.wireshark.org/  It can capture all traffic on the line even if not addressed to that workstation. You can filter the results to see only what you want to look at.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.