Use wireshark to see LAN's other systems website traffic

unclesamcrazy · 02-29-2016, 06:42 AM

Hello Sir,

I have installed wireshark on my centos. I am able to open its UI.
There are more systems connected to same LAN whose IP range is same as mine i.e. 192.168.0.x

I want to see website list opened by other systems (not credentials, just websites what they are opening, nothing illegal), I have this monitoring task. I need to check if someone is downloading from torrents or someone is opening facebook and google plus all day or someone is listening on line music all day, this type of task I need to check.

Where should I go in wireshark menu to see these activities with their respective IPs. It would be fine if I would know IP and opened website name by it and nothing else (do not want to do any hacking or something)

Please help.

Thank You

TenTenths · 02-29-2016, 07:15 AM

If your LAN uses a switch you won't be able to see the other traffic due to the way switches work.

If you want to sniff all traffic on your network you'll either need a switch with a monitoring port (effectively a switch port that DOES see all the traffic going through the switch) or you'll need to transparently have your sniffing box between your network switch and your edge router/firewall.

unclesamcrazy · 02-29-2016, 07:46 AM

We are using Router but I am not sure, there is Network switch or not.
Isn't it any solution to see this data in wireshark.

Proxy server is the last solution, I would like to use because it will take lots of time and number of permissions.
Wireshark looks easy to use and it has good UI just I am not able to see the data what I want to see.

Thanks

btmiller · 03-01-2016, 07:09 AM

There's really no way to intercept all traffic from an unmanaged switch unless you do something seriously not nice such as exhausting its forwarding table so that it goes back to broadcasting all traffic on all ports (which will introduce serious lag and other problems into your network). As TenTenths said, most managed switches have some way to set up a monitoring port that all traffic can be mirrored to. If you have administrative access to your switch, you might want to look around in its configurationto see if you can find this option. If you have multiple PCs on the LAN, you probably have some sort of switch somehow.

The easiest thing honestly seems to put some sort of security gateway between the switch and the router; maybe just a Linux box that has a transparent bridge and running Wireshark. You can definitely use Wireshark for this - you just need to put your data collector someplace where it can see all traffic, e.g.:

Code:

<< Internet >>
    |
    |
  [ router ]
    |
    |
  [ Linux Wireshark collector ]
    |
    |
  [ switch ]
    / | \
<< workstations >>