You are using a packet sniffer to capture transmissions between two remote systems. However, you find that you can only capture packets between your own system and another. What is the problem?
A.
You have configure your filter incorrectly
B.
You are sniffing packets in a switch network
C.
Tcpdump captures packets only between your host and another host
D.
Your system does not have its default gateway configured
Explanation:
In a switching network the switch transfers frames from the source port to the destination port. Suppose you have a 32-port switch. If a one remote system is on Port 1 and the other remote system is on port 20, then frames are switched between port 1 and 20. Unless you are connected to either port 1 or 20, or a special monitor port on the switch, you can’t see the traffic. Unlike a hub, where all ports see all the traffic, on a switch you only see frames being sent to the port you are connected to. All ports see the broadcast, since the switch is a single broadcast domain.
Incorrect Answers:
A: If the filter was incorrect, then you would not capture traffic between you and the remote network. If you got data in the capture, then the original capture should have gotten some data.
C: TCPDUMP is not restricted in this way. However, on Windows NT/2000 Server, network monitor DOES have this restriction.
D: Well if you can get to one of the remote systems, then the default gateway has to be there. If it wasn’t, or if it was wrong. You would not have reached one of the remote servers.