When running Wireshark, will adding a switch stop packet sniffing?

Ask the Expert

When running Wireshark, will adding a switch stop packet sniffing?

I am running a small network. I installed Wireshark on one of my hosts, but when I run Wireshark, I can see other hosts on the monitoring list. These hosts are directly connected to the router's ports. In this case, do I need to use a switch connected to the router?

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

When you're trying to run Wireshark, it depends on what you mean by "router". If you're talking about an ADSL router, for example, the LAN ports will most likely be switched already (rather than hubbed). What you are seeing may be broadcast traffic, in which case adding a switch would make no difference, since broadcasts have to be sent to every device in order for the network to function.

Traffic like Address Resolution Protocol (ARP ) requests will always be visible on every port, for example. If you are definitely seeing all packets from every device, then adding a switch would provide protection from opportunistic packet sniffing.

This was first published in May 2009

 

COMMENTS powered by Disqus  //  Commenting policy