Hi,

I wrote an HTTP sniffer program, first ran it on my standalone PC (Fedora OS), and it worked well. When I tried this in a LAN setting (bus LAN, Fedora OS again) and set eth0 to promisc mode, the program captures only the URLs browsed by the system on which it is running, but not the ones browsed on neighbouring systems. Am I missing something here? I've heard people talk about "setting up subnets", "use routers / additional ethernet cards", etc., but I don't really understand or know how to do it, or even if I should be doing anything of that sort.

Please help.

A: 

Uhm... perhaps you are trying to make a sort of Ethernet sniffer to capture other computers' traffic? It may or may not work, depending on the network to which you are connected. If you are connected to a reasonably smart Ethernet switch, you will probably see only your PC's packets, broadcast packets (but they are not HTTP...) and not much else. You must at least configure the Ethernet switches so your port receives all the traffic. If your system administrator lets you do it... Or maybe I am completely misunderstanding the question (sorry).

Giuseppe Guerrini
A: 

It sounds like you are on a switched network, and most home networks are switched these days because it's faster. If you are on a hub, then you can see everyone on the network. The move to switched networks is NOT a security feature. You can still subvert other hosts on the network using ARP Cache Poisoning. There are Intrusion Prevention Systems (IPS) that can be used to prevent ARP Cache Poisoning.

Rook
A: 

Possibly your business LAN is running on a switch, which would prevent you from seeing traffic that is not either directed at you, or generally broadcast. See this entry from the Wireshark FAQ for an explanation (also the following entry).

Geoff
I meant BUS-topology LAN... and thanks for that link - it was quite informative.
trinity
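
As an added example (not code from any of the posts above): the answers say a switched port delivers only frames addressed to your machine plus broadcast traffic. This Python sketch classifies captured Ethernet frames by destination MAC to tell that situation apart from a shared or mirrored segment; the MAC addresses, the sample frames and the `flood_tolerance` parameter are constructed assumptions.

```python
from collections import Counter

BROADCAST = bytes.fromhex("ffffffffffff")

def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def eth(dst, src, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed Ethernet II frame (sample data only)."""
    return mac(dst) + mac(src) + ethertype.to_bytes(2, "big") + payload

def classify(frame, own_mac):
    """Classify one Ethernet II frame relative to the capturing NIC."""
    if len(frame) < 14:                      # shorter than an Ethernet header
        return "truncated"
    dst, src = frame[0:6], frame[6:12]
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:                        # I/G bit set: group address
        return "multicast"
    if own_mac in (dst, src):
        return "own_unicast"
    return "foreign_unicast"                 # unicast between two other hosts

def summarize(frames, own_mac, flood_tolerance=0):
    """Count frame classes and judge what kind of port the capture came from.

    A switch floods unicast frames whose destination it has not learned yet,
    so a few foreign frames can appear even on a switched port; the
    flood_tolerance count (an assumption, tune per network) allows for that.
    """
    counts = Counter(classify(f, own_mac) for f in frames)
    shared = counts["foreign_unicast"] > flood_tolerance
    return counts, "shared_or_mirrored" if shared else "switched_port"

# Constructed sample captures using locally administered MAC addresses.
ME, PEER, GW = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:fe"
SWITCHED = [
    eth(GW, ME), eth(ME, GW),                       # this host's own HTTP traffic
    eth("ff:ff:ff:ff:ff:ff", PEER, 0x0806),         # ARP request from a neighbour
    eth("01:00:5e:00:00:fb", PEER),                 # multicast from a neighbour
]
HUB = SWITCHED + [eth(GW, PEER), eth(PEER, GW)]     # neighbour's unicast is visible

if __name__ == "__main__":
    for name, capture in (("switched", SWITCHED), ("hub", HUB)):
        counts, verdict = summarize(capture, mac(ME))
        print(name, dict(counts), verdict)
```
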