I have 3 other Windows computers in my LAN. When I run tcpdump it shows me only the packets in and out of my NIC (eth0), even if I choose all interfaces. Is there a way to see what the other computers in my LAN are doing on the internet?
Quote:
root@darkstar:/home/tux# tcpdump -D
1.eth0
2.usbmon1 (USB bus number 1)
3.usbmon2 (USB bus number 2)
4.usbmon3 (USB bus number 3)
5.usbmon4 (USB bus number 4)
6.usbmon5 (USB bus number 5)
7.any (Pseudo-device that captures on all interfaces)
8.lo
"tcpdump -i eth0" should show you all traffic on your local LAN segment. After you start tcpdump, check the end of /var/log/messages and you should see ": device eth0 entered promiscuous mode". My understanding is that not all cards/drivers support promiscuous mode though.
You also have to bear in mind that if you're using a switch rather than a hub for your network connection then you may not see traffic for other hosts anyway, as the switch will be sending them appropriately and your NIC will never see those frames. Again, my understanding is that WPA wireless networks work in the same way, so you'll only see broadcast frames.
Also, don't use the '-i any', as that won't use promiscuous mode.
Actually I'm using a "TP-Link router" and every host is directly connected (no switches) to a router port. Also, I see only the broadcast packets like you said. /var/adm/messages says that it is in promiscuous mode. Is it possible to check the packets in this case?
If you're not seeing any traffic except broadcasts when in promiscuous mode then it seems likely that your router contains an internal switch rather than a hub. Best advice I can offer is have a read through your router manual and see if there is any mention of switching and whether you can disable it.
That router is actually a router+switch.
You won't be able to see packages from other computers to that router.
Only "professional" switches and routers have the capability to mirror certain ports to another port, so that you can capture packages that are not supposed to go to your computer.
If you *really* need to see packages from all systems going to the internet for example, you might want to build a small Linux router (can be an older box, but it needs two NICs) and put it between the router and a cheap switch.
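Why promiscuous mode only shows broadcasts behind a switch, and what a hub or a mirror port changes, as an added Python sketch that is not part of any post in this thread. The port numbers, MAC addresses and frame payloads are constructed for the illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
ROUTER, PC, SNIFFER = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:03"

class Segment:
    """Toy Ethernet segment: a repeating hub or a MAC-learning switch."""
    def __init__(self, ports, mode="switch", mirror_to=None):
        self.ports = list(ports)
        self.mode = mode                  # "hub" or "switch"
        self.mirror_to = mirror_to        # port that receives a copy of every frame
        self.mac_table = {}               # learned mapping: source MAC -> port
        self.seen = {p: [] for p in self.ports}  # payloads delivered to each port

    def send(self, in_port, src, dst, payload):
        self.mac_table[src] = in_port     # learn which port the sender is on
        if self.mode == "hub" or dst == BROADCAST or dst not in self.mac_table:
            out = [p for p in self.ports if p != in_port]   # repeat or flood
        else:
            out = [p for p in [self.mac_table[dst]] if p != in_port]  # known unicast
        if self.mirror_to not in (None, in_port) and self.mirror_to not in out:
            out.append(self.mirror_to)    # port mirroring (SPAN)
        for p in out:
            self.seen[p].append(payload)
        return out

def capture(mode, mirror_to=None):
    """Return what a promiscuous NIC on port 3 sees during one PC<->router exchange."""
    seg = Segment([1, 2, 3], mode=mode, mirror_to=mirror_to)
    seg.send(2, PC, BROADCAST, "ARP who-has 192.168.1.1")   # constructed frames
    seg.send(1, ROUTER, PC, "ARP reply 192.168.1.1")
    seg.send(2, PC, ROUTER, "HTTP request")
    seg.send(1, ROUTER, PC, "HTTP response")
    return seg.seen[3]

if __name__ == "__main__":
    for label, frames in [("hub", capture("hub")),
                          ("switch", capture("switch")),
                          ("switch + mirror to port 3", capture("switch", mirror_to=3))]:
        print(f"{label}: {frames}")
```
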
Just had a quick look around, and sadly, the old layer 1 repeating hubs are long gone. Seems everything is a switch these days. Pity, despite their drawbacks they were useful at times.
@GAZL Yes, it contains an internal switch, but there is nothing indicating how to disable the switch :s
@niels.horn I don't have a professional router though. I don't *really* need to see packages from all hosts, I was just curious about that. I think I can't build that Linux router, I'm just a Linux newbie.
@idnotcrae: When I installed my first Linux router I also was a newbie. That's the way we learn new things, especially if it's just a hobby project, without your boss wanting immediate results
Not sure here, but as far as I know you could relay the traffic with ARP poisoning. What I don't know is if you can do it on a separate branch of the router (if you connect each host to a port on the router and each of them is in a separate subnet), and I don't know if Linux hosts believe and accept the poisoning the same way as MS hosts do (at least <= XP do). This also means that all traffic of other hosts will go through your host and thus will slow down connection speed. Check out Ettercap; although it is no longer maintained, it works well in some cases.
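Seen from the defender's side, the relay described above shows up in a host's ARP cache as the gateway's IP resolving to the same MAC address as another LAN host. The following is an added Python check, not part of the thread; the table is a constructed sample in the `/proc/net/arp` layout, and the function names and the gateway address are assumptions.

```python
from collections import defaultdict

ATF_COM = 0x2  # kernel flag: entry is complete (resolved)

# Constructed sample in /proc/net/arp layout (not taken from a real host).
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:11:22:33:44:66     *        eth0
192.168.1.20     0x1         0x2         00:11:22:33:44:55     *        eth0
192.168.1.30     0x1         0x2         00:11:22:33:44:66     *        eth0
192.168.1.40     0x1         0x0         00:00:00:00:00:00     *        eth0
"""

def parse_arp(text):
    """Yield (ip, mac, device) for resolved entries, skipping the header row."""
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac, dev = fields[0], int(fields[2], 16), fields[3].lower(), fields[5]
        if flags & ATF_COM and mac != "00:00:00:00:00:00":
            yield ip, mac, dev

def shared_macs(text):
    """Map (device, mac) -> sorted IPs for every MAC claimed by more than one IP."""
    by_mac = defaultdict(set)
    for ip, mac, dev in parse_arp(text):
        by_mac[(dev, mac)].add(ip)
    return {key: sorted(ips) for key, ips in by_mac.items() if len(ips) > 1}

def gateway_impersonators(text, gateway_ip):
    """Return the other IPs that share the gateway's MAC (empty list if none).

    A shared MAC is a lead to investigate, not proof: proxy ARP and
    multi-homed hosts produce the same pattern legitimately.
    """
    for ips in shared_macs(text).values():
        if gateway_ip in ips:
            return [ip for ip in ips if ip != gateway_ip]
    return []

if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/net/arp").read() instead.
    print(gateway_impersonators(SAMPLE_ARP, "192.168.1.1"))
```
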
Yup, you are right, it's the way we learn things, but for now I have other things keeping my mind busy enough that have higher priority, like learning the basics well first; then other stuff like building routers will be well understood.