When I capture with Wireshark, why can't I see any TCP packets other than packets to and from my machine, even though another analyzer on the network sees those packets?
You're probably not seeing any packets other than unicast packets to or from your machine, and broadcast and multicast packets. A switch will normally send to a port only unicast traffic sent to the MAC address for the interface on that port, plus broadcast and multicast traffic; it won't send to that port unicast traffic sent to a MAC address for some other interface. A network interface not in promiscuous mode will receive only unicast traffic sent to the MAC address for that interface, broadcast traffic, and multicast traffic sent to a multicast MAC address the interface is set up to receive. TCP doesn't use broadcast or multicast, so you will only see your own TCP traffic, but UDP services may use broadcast or multicast, so you'll see some UDP traffic. However, this is not a problem with TCP traffic; it's a problem with unicast traffic, as you also won't see all UDP traffic between other machines. I.e., this is probably the same question as this earlier one; see the response t
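The two filters described in this answer (what the switch forwards to your port, then what the interface accepts), modelled in Python as an added example that is not part of the original FAQ. The MAC addresses and frames are constructed, the switch is assumed to have already learned every station's MAC, and `switched=False` is a hypothetical stand-in for a segment where every frame reaches the port.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed station MACs (locally administered, unicast)
ME, A, B = "02:00:00:00:00:01", "02:00:00:00:00:0a", "02:00:00:00:00:0b"
MDNS = "01:00:5e:00:00:fb"  # multicast MAC that 224.0.0.251 maps to

# Constructed sample frames: (label, source MAC, destination MAC)
FRAMES = [
    ("tcp A->B", A, B),
    ("tcp A->ME", A, ME),
    ("tcp ME->B", ME, B),
    ("udp A->broadcast", A, BROADCAST),
    ("udp A->multicast", A, MDNS),
]

def is_group(mac):
    """True for broadcast/multicast: lowest bit of the first octet is set."""
    return bool(int(mac.split(":")[0], 16) & 0x01)

def switch_delivers(dst, port_mac):
    """Switch sends a port broadcast/multicast plus unicast for that port's MAC.
    Assumption: every station's MAC has already been learned by the switch."""
    return is_group(dst) or dst == port_mac

def nic_accepts(dst, nic_mac, groups, promiscuous):
    """Receive filter of the capturing interface."""
    if promiscuous or dst == nic_mac or dst == BROADCAST:
        return True
    # Multicast is accepted only for groups the interface is set up to receive.
    return is_group(dst) and dst in groups

def visible(nic_mac, groups=(), promiscuous=False, switched=True):
    """Labels of the sample frames a capture on nic_mac would contain."""
    seen = []
    for label, src, dst in FRAMES:
        if src == nic_mac:
            seen.append(label)  # the capture always has our own outgoing frames
            continue
        on_port = switch_delivers(dst, nic_mac) if switched else True
        if on_port and nic_accepts(dst, nic_mac, groups, promiscuous):
            seen.append(label)
    return seen

if __name__ == "__main__":
    print("switched, normal mode:     ", visible(ME))
    print("switched, promiscuous mode:", visible(ME, promiscuous=True))
    print("unswitched, promiscuous:   ", visible(ME, promiscuous=True, switched=False))
```

In this model, promiscuous mode on a switched port adds only the multicast frame; the A-to-B TCP frame never reaches the port, so the interface setting cannot recover it.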
Related Questions
- When I use tcpdump to capture packets, why do I see only packets to or from my machine, or why do I not see all the traffic I'm expecting to see from or to the machine I'm trying to monitor?
- When I use Wireshark to capture packets, why do I see only packets to and from my machine, or not see all the traffic I'm expecting to see from or to the machine I'm trying to monitor?
- Why doesn't WinDump capture all the packets from the network?