locked
Capture traffic from all the domain RRS feed

  • Question

  • Hi,

    I need to capture what's happening in all the pc of my domain because I want to know when a pc is downloading something from internet. Perhaps the best sollution would be to be able to read the NICS of each PC.

    Is this possible to do this with network monitor? I mean, to read the traffic of the NICS.

    I think I should use the API because I'd have to capture and write in a file  when a pc connects to a web page for downloading something.

    Can anybody help me?

    Thanks in advance.

    Regards.

    Wednesday, March 27, 2013 2:24 PM

Answers

  • That should be possible if all the PCs are on the same physical network segment.  You will need to enable promiscuous-mode capture in NetMon.  In addition, you will need either an old dumb hub or a switch with port mirroring, given that modern hubs/switches filter out non-broadcast frames not destined for the local PC.  With a dumb hub or a monitoring port to which the network port is mirrored, a single PC with NetMon in promiscuous mode should be able to capture all traffic on the segment.

    :-( + :-) = :-) :-)

    • Marked as answer by Paul E Long Thursday, April 25, 2013 2:12 PM
    Saturday, March 30, 2013 10:08 AM