Netmon general capability

  • Question

  • REALLY basic question, but, does Network Monitor allow you to capture all the traffic on the network to which your computer is connected, or only the traffic that leaves any and all of the NIC cards from your computer?
    Friday, May 21, 2010 6:47 PM

Answers

  • Actually a really good question because there is a feature called promiscuous mode which puts the adapter in a special state where it will send all traffic on the wire to Network Monitor.  This option exists for each NIC you capture on in the Select Networks Dialog.  The problem is that network switches these days are so "smart" that they block you from seeing traffic unless it's directed to you or important broadcast traffic.  So you often will not be able to sniff as a 3rd party observer unless you configure the switch properly.  Hubs can be used as a workaround, but be aware that there are even smart hubs that do something similar to blocking the traffic.

    BTW, in the scenario where you are monitoring VM traffic from the host, promiscuous mode is needed to see that 3rd party traffic.   Unfortunately traffic between VMs can't be captured in this manner unless the VM provides some kind of routing with some kind of virtual switch.

     

    Paul

    • Marked as answer by Paul E Long Wednesday, May 26, 2010 3:16 PM
    Friday, May 21, 2010 7:10 PM
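
To check whether a promiscuous-mode capture is really seeing 3rd party traffic, as the answer above discusses, the sketch below classifies Ethernet frames by their destination and source MAC relative to the capturing NIC. It is an added example, not part of the original thread or of Network Monitor; the MAC addresses, sample frames and function names are constructed for illustration.

```python
from collections import Counter

# Assumed MAC of the capturing NIC (constructed, locally administered address)
LOCAL_MAC = bytes.fromhex("021122334455")

def classify(frame: bytes, local_mac: bytes = LOCAL_MAC) -> str:
    """Classify one Ethernet II frame relative to the capturing NIC."""
    if len(frame) < 14:                 # shorter than dst + src + EtherType
        return "truncated"
    dst, src = frame[0:6], frame[6:12]
    if src == local_mac:
        return "sent_by_us"
    if dst == local_mac:
        return "unicast_to_us"
    if dst == b"\xff" * 6:
        return "broadcast"
    if dst[0] & 0x01:                   # I/G bit set: group (multicast) address
        return "multicast"
    return "third_party_unicast"        # between two other hosts

def summarize(frames, local_mac: bytes = LOCAL_MAC) -> Counter:
    """Count frames per category for a whole capture."""
    return Counter(classify(f, local_mac) for f in frames)

def sees_third_party(frames, local_mac: bytes = LOCAL_MAC) -> bool:
    """True if the capture contains unicast traffic between other hosts."""
    return summarize(frames, local_mac)["third_party_unicast"] > 0

def make_frame(dst_hex: str, src_hex: str, ethertype: int = 0x0800) -> bytes:
    """Build a minimal constructed Ethernet II frame with a zeroed payload."""
    header = bytes.fromhex(dst_hex) + bytes.fromhex(src_hex)
    return header + ethertype.to_bytes(2, "big") + b"\x00" * 46

# Constructed capture as typically seen on a switch port: own traffic + broadcast/multicast
SWITCH_PORT = [
    make_frame("021122334455", "02aaaaaaaaaa"),          # addressed to us
    make_frame("02aaaaaaaaaa", "021122334455"),          # sent by us
    make_frame("ffffffffffff", "02bbbbbbbbbb", 0x0806),  # ARP broadcast
    make_frame("01005e0000fb", "02bbbbbbbbbb"),          # IPv4 multicast
]
# Constructed capture on a hub: the same plus traffic between two other hosts
HUB = SWITCH_PORT + [make_frame("02cccccccccc", "02bbbbbbbbbb")]

if __name__ == "__main__":
    for name, capture in (("switch port", SWITCH_PORT), ("hub", HUB)):
        print(name, dict(summarize(capture)),
              "3rd party visible:", sees_third_party(capture))
```

A switch can still flood the occasional unicast frame for a destination it has not learned yet, so a handful of `third_party_unicast` frames does not by itself prove that the capture sees everything on the segment.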