Solved

How can I look at all the packets on my unmanaged switch?

Posted on 2010-09-19
6
557 Views
Last Modified: 2012-05-10
I have several wndows computers on an unmanaged switched and I want to run some software on one of those computers that will view all the packets on that switch, not just the ones addressed to the specific monitoring computer.

What's a good free or inexpensive piece of software to look at all switch activity from a single PC?

Thanks.
0
Comment
Question by:gateguard
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 2

Expert Comment

by:TAOSA
ID: 33711025
What you are talking about is a packet sniffer on a switch but several pieces of essential information are lacking.  
1) Is this switch set up to bridge packets?  
    If bridging is turned on then every port sees every packet and can be used to monitor traffic

2) Is there a monitoring port?  
0
 

Author Comment

by:gateguard
ID: 33711048
It's a netgear fs605 unmanaged 5-port switch

i can't do anything about the internals of the switch

0
 
LVL 2

Accepted Solution

by:
TAOSA earned 500 total points
ID: 33711076
Sorry - Windows key interruption

What you are talking about is a packet sniffer on a switch but several pieces of essential information are lacking.  

1) Is this switch set up to bridge packets?  
    If bridging is turned on then every port sees every packet and can be used to monitor traffic to and from all attached nodes.  

2) Is there a monitoring port on the switch?
    This port 'sees' all packets on the switch and can be used to monitor individual packets on all ports.

3) Have you put your network card in permiscuous mode?  
    Permicsuous mode means the interface will pay attention to all packet traffic - not just those addressed to it.  In non-permiscuous mode, packets not addressed to the interface are dropped/ignored.  

4) Have you consulted your legal department?
    As a CISSP I have to inform you that monitoring the packet traffic of others can have serious legal ramifications.  You could be subject to fines and imprisonment.  Got that out of the way, now I can move on.

If there is no monitoring port, you cannot do this unless all traffic passes through, say, a router or backbone switch.  In that case, you can monitor traffic directly on the router or backbone switch.  In Cisco, I think the command used to be "debug ip packet" and produces an 'alert' for each and every packet.  Can be confusing when you're entering a command line and alerts keep pushing your entry line up the screen.  

Stay legal.    

With your network interface set to promiscuous mode, you need to run a sniffer application.  These can be downloaded as shareware.  Use caution when downloading; always use a reputable service.  Otherwise, you can purchase a sniffer commercially.  

If you are running a Windows domain controller, you have the option to install and run Network Monitor.  Here is a link describing the application.

http://technet.microsoft.com/en-us/library/cc938655.aspx
0
Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

 

Author Comment

by:gateguard
ID: 33711088
Thanks, Taosa, very thorough answer.

I own all three computers involved and am just trying to figure out a way to troubleshoot the single weirdest networking problem I have ever seen, so I'm not going to worry about the legal stuff.

But you've pointed me in the right direction with promiscuous mode.  I'm going to try that.

Thanks again for that detailed response.  I really do appreciate it.
0
 

Author Comment

by:gateguard
ID: 33711089
Great.  Thanks.
0
 
LVL 3

Expert Comment

by:csalaski
ID: 33711092
Wireshark is free.  http://www.wireshark.org/  It can capture all traffic on the line even if not addressed to that workstation. You can filter the results to see only what you want to look at.

0

Featured Post

Report: Liquid Web beats Amazon, Rackspace & More

A study by performance analyst firm Cloud Spectator finds that Liquid Web beats rivals Amazon, Rackspace and DigitalOcean when it comes to website and cloud application performance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Let’s list some of the technologies that enable smooth teleworking. 
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question