Q

When running Wireshark, will adding a switch stop packet sniffing?

In this expert response, Peter Wood explains when a switch will provide protection from opportunistic packet sniffing

I am running a small network. I installed Wireshark on one of my hosts, but when I run Wireshark, I can see other hosts on the monitoring list. These hosts are directly connected to the router's ports. In this case, do I need to use a switch connected to the router?
When you're trying to run Wireshark, it depends on what you mean by "router". If you're talking about an ADSL router, for example, the LAN ports will most likely be switched already (rather than hubbed). What you are seeing may be broadcast traffic, in which case adding a switch would make no difference, since broadcasts have to be sent to every device in order for the network to function.

Traffic like Address Resolution Protocol (ARP ) requests will always be visible on every port, for example. If you are definitely seeing all packets from every device, then adding a switch would provide protection from opportunistic packet sniffing.

This was last published in May 2009

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

Close