From time to time, network administrators have to use a sniffer to capture flows of packets . In a switched environment, packets are sent from a source to a destination and only the destination host can “see” the packet.
To be able to receive all the packets sent into a switched network, we have to configure two things:
- Put your NIC in “promiscuous” mode. The NIC will accept all the packets received even if not sent to its own MAC address.
- Send all the traffic to the port where is located your NIC. Depending on your switch, it’s called “mirroring”, “monitoring” or “copy” mode.
If the first requirement is easy to achieve (any software can put your NIC in promiscuous mode), configuring a switch requires access to the device, knowledge of the commands and network topology! Check out this SANS Institure White Paper about sniffing a switched network.
Why not build our own tapping device to intercept all the traffic sent on a cable? On Instructables, there is a tutorial to build your own passive network tap!
Just connect your computer running a software like Wireshark and grab a copy of all packets seen on the network! Of course, I assume that sniffers will only be used for debugging or test purpose on your OWN networks.