Knowledge about capturing LAN data

Knowledge about capturing LAN data

Generally, the PC only accepts packets whose destination MAC address is its own Nic or broadcast or multicast.
However, if you set the network interface to the hybrid mode, the shared hub can directly capture all data communication in the network interface, however, it does not work for networks that can separate conflicting domain switches. This is because the switch cannot normally send data that does not belong to you to the port of your machine.

A switched network with the image function uses a switch as the network's central switch device. A switch works on the data link layer of the OSI model. Its ports can effectively separate conflicting domains. The network connected by the switch will separate the entire network into many small domains. If the vswitch in the network has the image function, you can configure the port image on the vswitch, and then install the network protocol analysis software on the host that connects the Image Port, in this case, the software can capture all the data communication in the entire network.
Although in the hybrid mode, the network adapter can accept and save all received packets, but if you do not have a port image, you cannot capture your own data. Simply put, the port image mirrors the data that passes through other switch ports to your port.
Therefore, to receive data from the entire network in the vswitch network, you must:
I. network cards work in hybrid mode
2. Make a port image for the vswitch.

Without the NIC hybrid mode, you cannot capture and analyze the network traffic flowing through your Nic through software.
No port image is used. You can only see the network traffic flowing through your network card, especially in the exchange environment
You cannot see the communication traffic of other machines unless the traffic type is broadcast or multicast.

Of course, you can also use other methods, such as ARP spoofing, to capture the data of the entire network.