TechTarget
Q

When running Wireshark, will adding a switch stop packet sniffing?

In this expert response, Peter Wood explains when a switch will provide protection from opportunistic packet sniffing

I am running a small network. I installed Wireshark on one of my hosts, but when I run Wireshark, I can see other hosts on the monitoring list. These hosts are directly connected to the router's ports. In this case, do I need to use a switch connected to the router?
When you're trying to run Wireshark, it depends on what you mean by "router". If you're talking about an ADSL router, for example, the LAN ports will most likely be switched already (rather than hubbed). What you are seeing may be broadcast traffic, in which case adding a switch would make no difference, since broadcasts have to be sent to every device in order for the network to function.

Traffic like Address Resolution Protocol (ARP ) requests will always be visible on every port, for example. If you are definitely seeing all packets from every device, then adding a switch would provide protection from opportunistic packet sniffing.

This was first published in May 2009

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close