On Mar 26, 2008, at 7:57 PM, Rudyard Wallen wrote:
> OK, some of that went over my head but I think I got the gist. So I
> guess the big question is: Is there a way to see HTTP on this network
> combo of wired and wireless machines that all are connected to this
> one router?

Yes - run Wireshark/TShark, or dumpcap, or tcpdump/WinDump, on the
machine that's sending out and receiving the HTTP traffic.
You *might* be able to see that traffic from another machine if it's
wireless traffic and you're capturing on a machine/OS/driver/wireless
adapter that supports "monitor mode" (if it's Windows, monitor mode is
only supported in Vista, and even there it's not supported by WinPcap,
which is what Wireshark uses to capture traffic on Windows; you could
also get an AirPcap adapter:
http://www.cacetech.com/products/airpcap_family.htm
and use that, but they're not cheap).
If it's wired traffic (i.e., a machine plugging into an Ethernet
interface on the WRT54GS), you're probably out of luck, unless the
WRT54GS supports "port mirroring".

> Update: I just connected my laptop via Ethernet to the router. My
> tower is running Wireshark. I see the IP address of my laptop (a Mac)
> but it only shows IGMP, MDNS and UDP packets for that source IP. Could
> I have this thing set up wrong?

IGMP is for managing multicast groups, so at least some IGMP packets
are probably multicast.
The "M" in "MDNS" stands for... multicast, so its packets are multicast.
The other UDP packets you're seeing are probably also broadcast or
multicast.
I.e., this is the same problem. You're plugging into a switch, which
means you aren't necessarily going to see all the traffic passing
through the switch; a switched Ethernet is different from a
traditional Ethernet in that fashion.
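
The symptom described in the reply above (only IGMP, MDNS and other broadcast/multicast UDP visible from another host) can be checked by classifying the destination MAC of each captured frame. This is an added example, not part of the original message; the MAC addresses, frames and function names are constructed for illustration.

```python
# Added example: classify captured Ethernet frames by destination address.
# All MAC addresses and frames below are constructed sample data.
BROADCAST = b"\xff" * 6

def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    return bytes(int(part, 16) for part in text.split(":"))

def frame(dst, src, ethertype=0x0800):
    """Build a minimal Ethernet II frame (header plus zero padding)."""
    return mac(dst) + mac(src) + ethertype.to_bytes(2, "big") + bytes(46)

def classify_dst(dst):
    """Broadcast, multicast (I/G bit of first octet set) or unicast."""
    if dst == BROADCAST:
        return "broadcast"
    return "multicast" if dst[0] & 0x01 else "unicast"

def summarize(frames, capture_mac):
    """Count frame kinds as seen from the capturing machine."""
    counts = dict(broadcast=0, multicast=0, own_unicast=0, foreign_unicast=0)
    me = mac(capture_mac)
    for raw in frames:
        if len(raw) < 14:          # shorter than an Ethernet header: skip
            continue
        dst, src = raw[0:6], raw[6:12]
        kind = classify_dst(dst)
        if kind == "unicast":      # unicast is "ours" only if we sent or received it
            kind = "own_unicast" if me in (dst, src) else "foreign_unicast"
        counts[kind] += 1
    return counts

def looks_switched(counts):
    """True when other hosts are visible only via broadcast/multicast."""
    group = counts["broadcast"] + counts["multicast"]
    return counts["foreign_unicast"] == 0 and group > 0

TOWER, LAPTOP, ROUTER = "00:11:22:33:44:55", "00:11:22:33:44:66", "00:11:22:33:44:77"
SWITCHED_CAPTURE = [
    frame("01:00:5e:00:00:fb", LAPTOP),   # mDNS (224.0.0.251)
    frame("01:00:5e:00:00:16", LAPTOP),   # IGMPv3 report (224.0.0.22)
    frame("ff:ff:ff:ff:ff:ff", LAPTOP),   # broadcast UDP
    frame(ROUTER, TOWER),                 # the tower's own HTTP request
    frame(TOWER, ROUTER),                 # and the reply to it
]
# With port mirroring (or on a hub) the laptop's unicast HTTP would also appear:
MIRRORED_CAPTURE = SWITCHED_CAPTURE + [frame(ROUTER, LAPTOP), frame(LAPTOP, ROUTER)]

if __name__ == "__main__":
    for name, cap in (("switched", SWITCHED_CAPTURE), ("mirrored", MIRRORED_CAPTURE)):
        counts = summarize(cap, TOWER)
        print(name, counts, "switched-port view:", looks_switched(counts))
```

A switch floods unicast frames for destinations it has not yet learned, so a handful of third-party unicast frames early in a real capture does not by itself mean the port is mirrored.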