views:

443

answers:

5

I have 2 network devices that talk to each other over Ethernet. I would like to sniff the traffic using Wireshark. But the devices are going through a switch. The switch routes the traffic to only the ports that need the data.

At another location I have a hub. All the traffic is repeated across all the ports.

Is there a way to tell the switch to send the traffic down my port also?

EDIT: This is an unmanaged switch.

+1  A: 

If the switch is a managed switch, it likely has a mode to act like a hub. Just be careful not to leave it like that.

Some will also have ways to mirror ports and such as well. You need to find out what kind of switch it is.

RE Edit: If it is unmanaged, then you are boned. Use a hub, a managed switch or run wireshark on the computer(s) affected.

Geoffrey Chetwood
A: 

The switch may have a management interface that lets you do that. Be warned that if you do, you'll wreck performance on the switch since everything attached to it will now have to deal with collisions.

RussellH
+1  A: 

Since this is an unmanaged switch, the only way that I can think of is to temporarily put a hub between the switch and one of the devices you want to monitor, then plug a laptop into that hub to do the monitoring. The laptop should now see all traffic between the device and the switch.

This is pretty easy since you can do it at the location of one of the devices. You just need a hub, two more lengths of CAT cable and the computer you are using to monitor with.

Rob Prouse
+2  A: 

You might want to look into ARP spoofing. http://en.wikipedia.org/wiki/ARP_poisoning

Jared
I was just going to submit this. This is probably your only alternative if you don't have access to the management port or can swap in a new router. Be warned that most would consider this hacking/cracking and might not look too kindly on it.
Ed Griebel
A: 

You could try a port redirector, like this one. You would configure one device to talk to your computer instead of the other device, and the redirector will send the data to the real target. There are several programs like this out there, or you could write your own.

Jon B