When running Wireshark, will adding a switch stop packet sniffing?

Ask the Expert

I am running a small network. I installed Wireshark on one of my hosts, but when I run Wireshark, I can see other hosts on the monitoring list. These hosts are directly connected to the router's ports. In this case, do I need to use a switch connected to the router?

When you're trying to run Wireshark, it depends on what you mean by "router". If you're talking about an ADSL router, for example, the LAN ports will most likely be switched already (rather than hubbed). What you are seeing may be broadcast traffic, in which case adding a switch would make no difference, since broadcasts have to be sent to every device in order for the network to function.

Traffic like Address Resolution Protocol (ARP) requests will always be visible on every port, for example. If you are definitely seeing all packets from every device, then adding a switch would provide protection from opportunistic packet sniffing.

This was first published in May 2009
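
One way to check which of the two cases in the answer applies is to sort captured frames by destination MAC address. The following is an added example, not part of the original article; the MAC addresses, sample frames, function names and the `flood_tolerance` threshold are constructed assumptions.

```python
from collections import Counter

BROADCAST = bytes.fromhex("ffffffffffff")

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def eth(dst, src, ethertype, payload=b""):
    """Build a constructed Ethernet II frame (sample data, no real capture)."""
    return mac(dst) + mac(src) + ethertype.to_bytes(2, "big") + payload

def classify(frame, my_mac):
    """Label a frame by who it was addressed to, using the 14-byte header."""
    if len(frame) < 14:
        return "truncated"
    dst, src = frame[0:6], frame[6:12]
    if dst == BROADCAST:
        return "broadcast"          # e.g. ARP requests: visible on every port
    if dst[0] & 0x01:
        return "multicast"          # group bit set: also delivered widely
    if my_mac in (dst, src):
        return "own"                # unicast to or from the capturing host
    return "foreign_unicast"        # unicast between two other hosts

def assess(frames, my_mac, flood_tolerance=0.05):
    """Return (counts, verdict). flood_tolerance is an assumed threshold:
    a switch briefly floods unicast for MACs it has not learned yet, so a
    small share of foreign unicast does not by itself indicate a hub."""
    counts = Counter(classify(f, my_mac) for f in frames)
    total = sum(counts.values()) - counts["truncated"]
    share = counts["foreign_unicast"] / total if total else 0.0
    if share == 0:
        verdict = "switched"
    elif share <= flood_tolerance:
        verdict = "switched-with-flooding"
    else:
        verdict = "shared-medium"
    return counts, verdict

ME, H2, H3 = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
# Constructed capture on a switched port: broadcast, multicast and own traffic only.
SWITCHED = [eth("ff:ff:ff:ff:ff:ff", H2, 0x0806), eth("01:00:5e:00:00:fb", H3, 0x0800),
            eth(H2, ME, 0x0800), eth(ME, H2, 0x0800)]
# Constructed capture where conversations between H2 and H3 are also visible.
SHARED = SWITCHED + [eth(H3, H2, 0x0800), eth(H2, H3, 0x0800)] * 3

if __name__ == "__main__":
    for name, capture in (("switched", SWITCHED), ("shared", SHARED)):
        print(name, assess(capture, mac(ME)))
```

A "switched" verdict matches the case where adding a switch makes no difference; "shared-medium" matches the case where other hosts' unicast traffic reaches the capturing port.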

