Eavesdrop TCP traffic between two other devices on the same network using Wireshark

Hi there,

How do I eavesdrop on two other devices on the subnet?
I would like to use Linux to eavesdrop on traffic with tcpdump on Windows master and Windows slave devices.

OK, so what's your problem? That should be straightforward. Install Wireshark on the third-party node and sniff. Configure the filter on Wireshark to only display those two nodes.

I suggest you try it first and then post anything that you cannot get working.
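A concrete form of the "install a sniffer and filter on the two nodes" advice, added here as an example rather than anything posted in the thread: a POSIX shell script that builds the tcpdump capture filter and the equivalent Wireshark display filter for TCP traffic between two hosts, validates the addresses first, and runs the capture to a pcap file that Wireshark can open. The interface name and the two addresses in the usage line are placeholders. The caveat from the later replies still applies: on a switched network this only shows the traffic that actually reaches the capturing host's NIC.

```shell
#!/bin/sh
# Added example, not from the original thread. Builds the tcpdump (BPF)
# capture filter and the matching Wireshark display filter for TCP traffic
# between two hosts, and optionally runs the capture. Interface and
# addresses are placeholders chosen for this example.

# Crude IPv4 dotted-quad check, so a typo does not silently turn into a
# hostname lookup inside the filter expression.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|"") return 1 ;;
    esac
    oldIFS=$IFS; IFS=.
    set -- $1
    IFS=$oldIFS
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# BPF capture filter: "host A" matches A as source or destination, so
# "tcp and host A and host B" keeps only TCP segments exchanged between
# the two, in either direction.
pair_capture_filter() {
    is_ipv4 "$1" && is_ipv4 "$2" || { echo "bad IPv4 address" >&2; return 1; }
    printf 'tcp and host %s and host %s\n' "$1" "$2"
}

# Same selection as a Wireshark display filter (paste into the filter bar).
pair_display_filter() {
    is_ipv4 "$1" && is_ipv4 "$2" || { echo "bad IPv4 address" >&2; return 1; }
    printf 'tcp && ip.addr == %s && ip.addr == %s\n' "$1" "$2"
}

# Capture to a pcap file for later analysis in Wireshark.
# -nn: no name/port resolution, -s 0: whole packets, -w: write pcap.
# tcpdump puts the NIC in promiscuous mode by default; add -p to avoid that
# (on a switched network promiscuous mode does not reveal traffic between
# two other hosts anyway).
capture_pair() {
    iface=$1; a=$2; b=$3; out=$4
    filter=$(pair_capture_filter "$a" "$b") || return 1
    command -v tcpdump >/dev/null 2>&1 || { echo "tcpdump not installed" >&2; return 1; }
    tcpdump -nn -i "$iface" -s 0 -w "$out" "$filter"
}

# Usage (needs root or CAP_NET_RAW and a real interface name):
#   capture_pair eth0 192.168.1.10 192.168.1.20 pair.pcap
```

`pair_capture_filter` can also be passed straight to Wireshark's capture filter field, which uses the same BPF syntax as tcpdump; the display filter syntax is different, which is why the script produces both.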

Hello,

If what you are asking is "is there a way from a Linux host for me to see all the traffic going to and from two physically separate Windows hosts", then the simple answer is "no, there is not". Without there being something in place in your network infrastructure to make this possible (e.g. all hosts are connected to a hub rather than a switch - exceptionally unlikely these days, to put it mildly - or you have some kind of port mirroring/traffic replay configured on the switch to copy all the Windows server traffic to a dedicated interface on your Linux box) there's no way to do this.

On a modern switched TCP/IP network, each host only sees the traffic that is intended for it, or the traffic that has been broadcast to all hosts on the same sub-net. You will of course be able to see traffic between the Linux host and either of the two Windows hosts, but that is it - you won't be able to see traffic between the Windows hosts from your Linux host under normal circumstances.

But if what you want is indeed just to be able to see what traffic is passing between your Linux host and the two Windows hosts, then the advice is exactly as per @hicksd8's reply - use a packet sniffer at either (or both) ends, and see what you see. And if you have a problem in doing so, please come back to us with a full description of what that problem is, including any error messages you receive, and we can then take things from there.

Hope this helps!


Depending on topology, you might be able to capture traffic meant for the two windows host (assuming they are on the same subnet) using "promiscuous mode". But please be warned that deploying "promiscuous mode" is not an acceptable practice on a company network or at a work place.

But it's fine if you own the network (say a home network). If the intent is to learn then it might be easier to just simulate your network using GNS3 or similar tools.
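The two replies above describe the only arrangement that works on a switched network (port mirroring on the switch) and the NIC setting the sniffer then needs (promiscuous mode). The script below is an added example, not code from the thread, for the case where the "switch" between the two Windows hosts is itself a Linux box, for instance a Linux bridge: it mirrors one switch port to a monitoring port with tc's mirred action and enables promiscuous mode on the sniffer. swp1 and mon0 are placeholder interface names. With DRY_RUN=1 (the default) the commands are printed rather than executed; set DRY_RUN=0 and run as root to apply them.

```shell
#!/bin/sh
# Added example, not from the original thread: port mirroring on a Linux
# host acting as the switch, plus the promiscuous-mode step on the sniffer.
# swp1 (port facing one Windows host) and mon0 (port facing the sniffer)
# are placeholders. DRY_RUN=1 prints the commands instead of running them.

: "${DRY_RUN:=1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Copy everything entering and leaving switch port $1 to monitor port $2.
# Ingress (frames from the Windows host) is caught on the ingress qdisc;
# egress (frames towards the Windows host) needs a classful root qdisc
# (prio) so that a filter can be attached to it.
mirror_port() {
    src=$1; mon=$2
    run tc qdisc add dev "$src" handle ffff: ingress
    run tc filter add dev "$src" parent ffff: matchall action mirred egress mirror dev "$mon"
    run tc qdisc add dev "$src" handle 1: root prio
    run tc filter add dev "$src" parent 1: matchall action mirred egress mirror dev "$mon"
}

# Undo mirror_port: deleting the qdiscs removes their filters too.
unmirror_port() {
    run tc qdisc del dev "$1" ingress
    run tc qdisc del dev "$1" root
}

# On the sniffing host: mirrored frames carry the Windows hosts' MAC
# addresses, so the NIC drops them unless it is in promiscuous mode.
# tcpdump and Wireshark normally enable it themselves; set it explicitly
# when another tool reads the port or when you want it to persist.
sniffer_promisc() {
    run ip link set dev "$1" promisc on
}

# Mirroring the port of one Windows host is enough: both directions of its
# conversation with the other Windows host pass through that port.
mirror_port swp1 mon0
sniffer_promisc mon0
# Then, on the sniffer:
#   tcpdump -nn -i mon0 'tcp and host 192.168.1.10 and host 192.168.1.20'
```

matchall and mirred need a kernel with those tc modules (matchall arrived in 4.6). On a managed hardware switch the same thing is configured as a SPAN or mirror session in the switch's own CLI; the sniffer-side requirement is identical.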
