Wireshark-users: Re: [Wireshark-users] Getting traffic from entire network
From: "Pedro Tumusok" <pedro.tumusok@xxxxxxxxx>
Date: Wed, 2 Apr 2008 08:39:46 +0200


On Wed, Apr 2, 2008 at 8:31 AM, Trevor Bosaw <bosawt@xxxxxxxxxxxxxxxx> wrote:
> Hey,
>
> I am currently doing research using Wireshark to detect packet data.
> Up to this date I have been doing this all on a single computer.
> Instead I would like to collect more 'real world' data, and receive
> packets from all of the computers on my network.  Is this possible?
>
> It is a small network, with only a single modem connected to a single
> wireless router (an Airport Extreme).  There are about a dozen
> computers connected wirelessly to this router.
>
> I guess my question is, is there some way to set a computer connected
> to the router or modem that can run wireshark and capture the traffic
> from all of these computers on the network?  I have thought of
> possibly somehow connecting the modem to my computer and then my
> computer to the airport extreme, and bridging the connection or
> something, but I am not sure how to do this (especially since there is
> only one ethernet input on the computer).
>
> My budget is fairly high, so if there is something else I need to
> purchase to do this, that is a possibility.


Get a switch that supports port mirroring and stick that between your modem and the router.
Then you will get all the traffic between your modem and the router at least.

For all WLAN traffic, i.e. just traffic from host to router/AP to another host,
I believe you need a WLAN card + driver that supports monitor mode in your host,
but since I never tried that, I am not 100% sure about the details.

http://wiki.wireshark.org/CaptureSetup/WLAN

--
Best regards / Mvh
Jan Pedro Tumusok

I know you love me
And you want to be Friends
And if you dont
at least you need to pretend