sniff data from switch/router

shan75 · Post by **shan75** » 12 Apr 2010, 11:46

i am in switched network. i want to set a sniffer to a switch/router?..i am using wireshark. but problem with selecting the interface. i know the router is Allied Telesis but i am cant select the right interface. is there any way to know the proper interface to sniff data?

thanks

Post by **ayu** » 12 Apr 2010, 11:50

You can't sniff data that goes to other machines (only if it comes from your computer *duh*) in a switched network.
You would have to be the "man in the middle" for that.

You can still sniff data going to your computer and leaving it by choosing the right interface. Normally people only have one NIC connected to choose the one you use for your Internet connection.

IceDane · Post by **IceDane** » 13 Apr 2010, 02:58

cats wrote:You can't sniff data that goes to other machines (only if it comes from your computer *duh*) in a switched network.
You would have to be the "man in the middle" for that.

You can still sniff data going to your computer and leaving it by choosing the right interface. Normally people only have one NIC connected to choose the one you use for your Internet connection.

And thus, there was the MITM attack.

shan75 wrote:i am in switched network. i want to set a sniffer to a switch/router?..i am using wireshark. but problem with selecting the interface. i know the router is Allied Telesis but i am cant select the right interface. is there any way to know the proper interface to sniff data?

thanks

You're going to have to use ARP spoofing to make the other computer/s on the network think you're the router, and the router think that you're the other computers.

So instead of data going like this: other computer -> router -> internet, it will go like this:
other computer -> router -> you -> router -> internet
internet -> router -> you -> router -> other computer

Ettercap is a good tool for this, even though it hasn't been updated for a while.