Is it possible to sniff packets on other subnetworks?

0

I've been reading about packet sniffing and was wondering if it's possible for someone to sniff packets on subnetworks other than the one they're on. Since the point of a subnetwork is that devices within the subnetwork can only communicate with other devices within the subnetwork and the router, it seems like they wouldn't be able to sniff packets on other parts of the larger network. But since all the devices on the network have access to the router, wouldn't it be possible to sniff packets from devices in other subnetworks without changing the subnet mask?

Tristan

Posted 2014-08-27T19:51:24.063

Reputation: 3

Are you referring to logical separation (different IP subnet) or physical separation (different broadcast domain)? – Daniel B – 2014-08-27T19:59:47.090

Logical separation – Tristan – 2014-08-27T20:08:11.417

Answers

0

Yes, it’s possible. But there’s still the switch—unless you make yourself a Man in the Middle (e.g. with ARP Poisoning), your network interface will only get packets matching its MAC address. The old hub days, when everyone received every packet, are long gone.

Your scenario, however, only applies to home networks. In a data center (well, basically any properly secured “enterprise” network), for example, switches are generally configured to prevent you from receiving any packet that isn’t directed to you. You could listen all you want—nothing else would ever arrive. And nothing “illegal” would ever leave, either. It’s basically a mini-firewall of sorts.

Daniel B

Posted 2014-08-27T19:51:24.063

Reputation: 40 502

See also the Wireshark Wiki page on Ethernet captures for information about capturing on switched networks. – None – 2014-08-28T06:23:12.870
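The answer above names ARP poisoning as the way a station ends up receiving frames a switch would otherwise not deliver to it. As an added example (not part of the original thread), this sketch shows how a defender can spot that from captured ARP frames by tracking IP-to-MAC bindings; the function names and the sample frames are constructed for illustration.

```python
import struct

def parse_arp(frame):
    """Return (eth_src, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return frame[6:12], frame[22:28], frame[28:32]

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ip(b):
    return ".".join(str(x) for x in b)

def find_arp_anomalies(frames):
    """Flag IP-to-MAC bindings that change and ARP senders that differ from the Ethernet source."""
    bindings, alerts = {}, []
    for i, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        eth_src, sha, spa = parsed
        if eth_src != sha:
            alerts.append((i, "src-mismatch", ip(spa), mac(sha)))
        if spa == b"\x00" * 4:  # ARP probe: no binding is being claimed
            continue
        if spa in bindings and bindings[spa] != sha:
            alerts.append((i, "binding-changed", ip(spa), mac(sha)))
        bindings[spa] = sha
    return alerts

# Constructed sample data (not a real capture): locally administered MACs, private IPs.
def sample_frame(eth_src, oper, sha, spa, tha, tpa):
    header = struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, oper)
    return b"\xff" * 6 + eth_src + header + sha + spa + tha + tpa

GW_MAC, HOST_MAC, OTHER_MAC = (bytes.fromhex("0200000000" + s) for s in ("01", "10", "66"))
GW_IP, HOST_IP = bytes([192, 168, 1, 1]), bytes([192, 168, 1, 10])
SAMPLE = [
    sample_frame(GW_MAC, 2, GW_MAC, GW_IP, HOST_MAC, HOST_IP),        # gateway announces itself
    sample_frame(HOST_MAC, 1, HOST_MAC, HOST_IP, b"\x00" * 6, GW_IP),  # host asks for gateway
    sample_frame(OTHER_MAC, 2, OTHER_MAC, GW_IP, HOST_MAC, HOST_IP),  # gateway IP now claimed by another MAC
    sample_frame(GW_MAC, 2, GW_MAC, GW_IP, HOST_MAC, HOST_IP),        # real gateway answers again
]

if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE):
        print(alert)
```

A changed binding is a lead, not proof: failover pairs and DHCP reassignment also move an IP to a new MAC, so alerts for the gateway address that flip back and forth deserve the first look.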