When running Wireshark, will adding a switch stop packet sniffing?

In this expert response, Peter Wood explains when a switch will provide protection from opportunistic packet sniffing

I am running a small network. I installed Wireshark on one of my hosts, but when I run Wireshark, I can see other hosts on the monitoring list. These hosts are directly connected to the router's ports. In this case, do I need to use a switch connected to the router?
When you're trying to run Wireshark, it depends on what you mean by "router". If you're talking about an ADSL router, for example, the LAN ports will most likely be switched already (rather than hubbed). What you are seeing may be broadcast traffic, in which case adding a switch would make no difference, since broadcasts have to be sent to every device in order for the network to function.

Traffic like Address Resolution Protocol (ARP ) requests will always be visible on every port, for example. If you are definitely seeing all packets from every device, then adding a switch would provide protection from opportunistic packet sniffing.

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.