Ethereal-users: Re: [Ethereal-users] Others' Traffic.. no HTTP?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Tue, 13 Nov 2001 09:32:57 -0800 (PST)

> I am using the filter:
> 
> host 216.177.41.56
> 
> to try to see all the traffic activity at that node (that node is elsewhere
> on the network from the machine ethereal is running on).
> 
> However, when I stop capture, I do not see any http activity in the capture
> display, just other various network activity (it does capture a lot of
> traffic) at that machine.  I am capturing in promiscuous mode, but I tried
> it without and the same result occurred.

Turning promiscuous mode off will not make things better, obviously - if
you're not running the capture on 216.177.41.56, and you're not running
in promiscuous mode, the only traffic you'll see to or from
216.177.41.56 is traffic from or to the machine on which you're running
the sniffer program.

> Is this normal?

Yes, if either

	1) there *is* no HTTP traffic going to and from the machine at
	   the time;

	2) the network is a switched network (which includes networks
	   using switched hubs) and the port into which the machine
	   running Ethereal is plugged is not set up to have traffic
	   between other ports mirrored to it;

	3) the networking card you're using, or its driver, doesn't
	   allow whatever packet capture mechanism is being used by
	   Ethereal on your OS to put the card into promiscuous mode
	   (you would have to ask the vendor of the networking card, or
	   the supplier of the driver - whether it's the vendor of the
	   card or the supplier of the OS - whether this is the case);

	4) the network is *really* busy and the packet capture mechanism
	   happens to drop the traffic for which you're looking.

I suspect the most likely explanation is 2).  Bear in mind that, as
noted, there are "hubs" that are really switches, called "switched
hubs", so the fact that the network uses a "hub" does not, in and of
itself, mean it's not switched.
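
The four explanations in the reply above can be told apart from what the capture does contain. The following is an added example, not part of the original post: a small triage over frame summaries. The `Frame` record, the `triage` function, the MAC addresses, the 192.0.2.x peers and the `dropped` counter (the drop count reported by the capture mechanism) are assumptions made for illustration; only 216.177.41.56 comes from the thread.

```python
from collections import namedtuple

# One captured frame, reduced to the fields the triage needs.
Frame = namedtuple("Frame", "src_mac dst_mac src_ip dst_ip tcp_ports")

def is_group(mac):
    # Broadcast and multicast MACs have the low bit of the first octet set.
    return int(mac.split(":")[0], 16) & 1 == 1

def triage(frames, my_mac, target_ip, dropped=0, http_port=80):
    """Map a capture onto the reply's explanations 1) to 4)."""
    target = [f for f in frames if target_ip in (f.src_ip, f.dst_ip)]
    if any(http_port in f.tcp_ports for f in target):
        return "http-seen"
    # Unicast between the target and a third machine only reaches the sniffer
    # on a shared segment or mirrored port, with promiscuous mode working.
    foreign = [f for f in target
               if my_mac not in (f.src_mac, f.dst_mac) and not is_group(f.dst_mac)]
    if not foreign:
        return "switched-or-not-promiscuous"  # explanations 2) and 3)
    if dropped > 0:
        return "possible-drops"               # explanation 4)
    return "no-http-at-the-time"              # explanation 1)

# Constructed sample data (assumed MACs and peer addresses, not a real capture).
ME, TGT, PEER = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03"
BCAST = "ff:ff:ff:ff:ff:ff"
T_IP = "216.177.41.56"

# Lots of traffic "at that machine", but only broadcasts and frames to/from us.
SWITCHED = [
    Frame(TGT, BCAST, T_IP, "192.0.2.1", ()),
    Frame(TGT, ME, T_IP, "192.0.2.10", ()),
    Frame(ME, TGT, "192.0.2.10", T_IP, ()),
]
# Third-party unicast is visible (telnet here), so the segment is shared.
SHARED = SWITCHED + [Frame(PEER, TGT, "192.0.2.20", T_IP, (1025, 23))]

if __name__ == "__main__":
    print(triage(SWITCHED, ME, T_IP))             # switched-or-not-promiscuous
    print(triage(SHARED, ME, T_IP))               # no-http-at-the-time
    print(triage(SHARED, ME, T_IP, dropped=120))  # possible-drops
```

The capture alone cannot separate explanations 2) and 3); that takes a check of the switch port configuration or of the card and driver.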