I'm trying to determine what devices are using WINS on my network here at work. I'm running Wireshark with a port 161 filter from a server, but all I'm getting is traffic going to and from that server over port 161. How do I scan the entire network? Maybe nothing else is using that port?
That's because the switch your network is using only directs traffic to where it needs to go, not broadcasting every packet to the server.
There's a few options:
1) If the switch has a "Monitor" port, plug the wiresharking computer into that, and it will get all the packets going through the switch.
2) Replace the switch with a hub, hubs are dumb and send all incoming packets to all ports
3) MAC Flood the switch to force it into "FailOpen" Mode thereby turning it into, essentially, a dumb hub.
4) Using ARP Spoofing to redirect packets through the wiresharking computer.
[QUOTE=Tezzanator92;33919987]That's because the switch your network is using only directs traffic to where it needs to go, not broadcasting every packet to the server.
There's a few options:
1) If the switch has a "Monitor" port, plug the wiresharking computer into that, and it will get all the packets going through the switch.
2) Replace the switch with a hub, hubs are dumb and send all incoming packets to all ports
3) MAC Flood the switch to force it into "FailOpen" Mode thereby turning it into, essentially, a dumb hub.
4) Using ARP Spoofing to redirect packets through the wiresharking computer.[/QUOTE]
1. I'm running it off of a VM. Pretty much my only option.
2. Can't do that in an enterprise environment.
3. See number 2.
4. How?
Sorry, you need to Log In to post a reply to this thread.
