i assume my current switches are not managed. I have one or two 32 port cisco gigabit swtiches I bought at a garage sale but never consoled into. I had a CCNA 20 years ago, but have forgotten 99% of that, as I never got a job that used it. the learning curve to figure out how to reset the passwords on the ciscos would be difficult. I think one had a noisy fan. i thought that switches could put a port into promiscuous mode. my configuration: comcast<-->monoprice 8 port gigabit switch<-->monoprice 8 prt gb switch my desktop is on the first switch, the windows computers are on the second my computer is 10.0.0.182 there are 3 windows computers. I verified two of them are 10.0.0.26 and 10.0.0.56 the third I shutdown before thinking to verify its ip i presume the comcast router is the 10.0.0.1 address I see in the log using grep (10.0.0) and grep -v (10.0.0.182) i find, in my log file 10.0.0.25 10.0.0.26 10.0.0.56 carey@OptiPlex-7050:~$ cat wireshark|grep 10.0.0.25|wc -l 38 carey@OptiPlex-7050:~$ cat wireshark|grep 10.0.0.26|wc -l 1693 carey@OptiPlex-7050:~$ cat wireshark|grep 10.0.0.182|wc -l 32288 carey@OptiPlex-7050:~$ cat wireshark|grep 10.0.0.56|wc -l 19 which would imply the problem is my linux desktop... during the gathering of data above, i started up a zoom session on one windows computer and shut down another, probably the .25 one. as far as I could see, there was no local-only traffic. Carey
On 09/23/2025 11:16 AM CDT James Knott <james.knott@jknott.net> wrote:
On 9/23/25 12:08, CAREY SCHUG wrote:
I assumed wireshark wouild use promiscuous mode and record everything that went to/from comcast, no?
Only if it's in a position to see all the traffic. I got the impression there were multiple computers on your network. That implies a switch, which prevents a computer on one switch port from seeing traffic from another. You will need to use a data tap between that switch and the modem to intercept all the traffic.
Here are instructions for making one: https://forum.netgate.com/topic/144521/creating-a-data-tap?_=1732217084711
I used a 1 Gb switch, but these days you might want to get a faster one, depending on how fast your Internet connection is.
BTW, years ago, before I switched to pfSense, I used Linux for my router and could run Wireshark on it.