Warning: Before using Wireshark in promiscuous mode make sure that you have the required permissions to do so. Promiscuous mode, in a way, is packet sniffing and might be able to get rid of the job you currently have. (In simpler words, if you do not own the network or if you are not the network administrator then it can get you fired!)
Now, I am going to demonstrate this using my Fedora 13 box as a client (kept in New Delhi, India) and will connect to an Ubuntu 10.04 machine (kept in Florida, USA) using ssh. Let us check it out step by step.
- Install the wireshark using your package manager. You need to install wireshark as well as wireshark-gnome to get the GUI.
yum install wireshark wireshark-gnome
- Launch the wireshark. Do NOT start the analysis yet. We will first switch off the promiscuous mode.
- Go to "Capture" and select "Options" and uncheck the "Capture packets in promiscuous mode" check box.
- Select the interface you want to listen to. I will listen to eth0, which is usually the default for your first Network Interface. Also specify a capture filter. Check out this list for complete filters and their formats. I will write "host <ubuntu-maachine-ip-addess>".
- You are all set but again before clicking start double check that promiscuous mode is turned off. Click Start.
- Connect to the Ubuntu server using the Fedora box and the captured packets will be shown.
While I have warned you about the promiscuous mode, I encourage you to use it on virtual machine but for learning purpose only (or if you happen to have a small switch or something then create a network for yourself).