Max Laier wrote:
[this is not necessarily the right mailinglist for this question, but ...]
Well, Wireshark has separate wireshark-dev and wireshark-users lists,
but tcpdump-workers is really the union of "tcpdump-users",
"tcpdump-dev", "libpcap-users" ("users" in the sense of people writing
libpcap-based applications), and "libpcap-dev" ("dev" in the sense of
people fixing or extending libpcap), so it's probably as good a list as any.
In a switched LAN you will only see broadcasts and packets destined to the
address(es) that are advertised behind your switch port. The sollution
is:
a) use the "monitor" port on your switch
b) use a hub rather than a switch
c) overflow the forwarding table of your switch to turn it into a hub
See
http://wiki.wireshark.org/CaptureSetup/Ethernet
for more information on capturing on a switched Ethernet.
That page refers to
http://wiki.wireshark.org/SwitchReference
which has pages for various switch vendors with instructions, or
pointers to vendor manuals with instructions, on using monitor
ports/mirrored ports/whatever the vendor calls them.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
