ARP – How to Capture ARP Reply Packets from All Hosts in the Network

Tags: arp, wireshark

How can I capture ARP reply packets from all hosts that are connected to the network?
I've tried Wireshark promiscuous mode but it only captures ARP replies from the gateway.

Best Answer

In the usual case of several hosts connected to an ethernet switch, the switch only forwards frames out of the appropriate switch sockets. So once it has learned where a given MAC address is, frames directed to it will only go out of one switch socket.

For wireshark purposes, you very frequently want to see quite a lot of traffic which isn't destined for the monitoring host, and isn't broadcast.

Wireshark has a very good section on how to set things up so that you can capture the packets you want: https://wiki.wireshark.org/CaptureSetup/Ethernet

If you want to see packets for hosts which are connected by wifi, you can often use the same techniques if you're not interested in traffic which is purely going wifi-host to wifi-host, and if you're not interested in wifi-specific information.

Assuming you have a monitor point 'm' on the switch 'S' for capturing with host 'X', the following will capture traffic A<>B and A<>C but not B<>C:

       AP ..... wifi .......
       |               .   .
S==+===+===m===        Y   Y
   |       |           |   |
   A       X           B   C

If you want to see wired and wifi traffic including B<>C, you'll need something like this, with wired and wifi NICs in your monitoring machine, and monitor mode available on your switch and wireless NIC.

What exactly is available therefore depends greatly on your equipment and also the specifics of your wifi encryption, if any.

       AP ...... wifi ......
       |      .        .   .
S==+===+===m= Y        Y   Y
   |       \ /         |   |
   A        X          B   C

For the complexities of monitoring wifi, see Wireshark's notes https://wiki.wireshark.org/CaptureSetup/WLAN
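The following is an added example, not part of the original question or answer, that models the switch behaviour the answer describes and shows why the asker sees only the gateway's replies: ARP requests are broadcast and so reach every port, while an ARP reply is a unicast frame that a switch forwards only to the port of the host it is addressed to. The script builds a handful of constructed Ethernet/ARP frames (all MACs and IPs are made up), parses them with a minimal RFC 826 parser, and compares what a capture host on an ordinary switch port sees against what it sees when the switch mirrors all traffic to its port. The `reaches_port` model is a deliberate simplification (learned unicast goes only to its owner, broadcast and multicast are flooded, a mirror port gets everything); real switches also flood unicast to MACs they have not yet learned.

```python
# Added example (not from the original answer): why a capture host on a
# switched segment sees every ARP *request* but only the ARP *replies*
# addressed to it, and what a mirror (SPAN) port changes. Runs offline.
import struct
from dataclasses import dataclass
from typing import List, Optional, Set

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = b"\xff" * 6


@dataclass
class ArpFrame:
    dst_mac: bytes
    src_mac: bytes
    opcode: int
    sender_mac: bytes
    sender_ip: bytes
    target_mac: bytes
    target_ip: bytes


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def ip(text: str) -> bytes:
    return bytes(int(o) for o in text.split("."))


def fmt_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp(dst: bytes, src: bytes, opcode: int,
              sha: bytes, spa: bytes, tha: bytes, tpa: bytes) -> bytes:
    """Ethernet II header + 28-byte ARP body (RFC 826), IPv4 over Ethernet."""
    eth = dst + src + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode) + sha + spa + tha + tpa
    return eth + arp


def parse_arp(frame: bytes) -> Optional[ArpFrame]:
    """Parse an Ethernet frame; return None unless it is a well-formed IPv4 ARP."""
    if len(frame) < 42:
        return None
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    body = frame[22:42]
    return ArpFrame(dst, src, opcode, body[0:6], body[6:10], body[10:16], body[16:20])


def reaches_port(frame: ArpFrame, port_mac: bytes, mirrored: bool) -> bool:
    """Simplified switch model: would this frame be forwarded out the capture
    host's port? A mirror/SPAN port gets everything. Otherwise the switch floods
    broadcast and multicast (I/G bit set) but sends a learned unicast only to
    the port that owns the destination MAC."""
    if mirrored:
        return True
    if frame.dst_mac == BROADCAST or frame.dst_mac[0] & 0x01:
        return True
    return frame.dst_mac == port_mac


def arp_senders_seen(frames: List[bytes], port_mac: bytes, opcode: int,
                     mirrored: bool = False) -> Set[str]:
    """Sender IPs of ARP frames with the given opcode that reach the capture host."""
    seen = set()
    for raw in frames:
        f = parse_arp(raw)
        if f and f.opcode == opcode and reaches_port(f, port_mac, mirrored):
            seen.add(fmt_ip(f.sender_ip))
    return seen


# Constructed sample traffic on one switch: X is the capture host, G the
# gateway, A and B two other hosts. All addresses are made up for this example.
X_MAC, G_MAC, A_MAC, B_MAC = (mac(m) for m in (
    "02:00:00:00:00:0a", "02:00:00:00:00:01", "02:00:00:00:00:0b", "02:00:00:00:00:0c"))
X_IP, G_IP, A_IP, B_IP = (ip(a) for a in (
    "192.168.1.10", "192.168.1.1", "192.168.1.11", "192.168.1.12"))
ZERO = b"\x00" * 6

SAMPLE_FRAMES = [
    # A asks for G (broadcast), G answers A (unicast): X sees only the request
    build_arp(BROADCAST, A_MAC, ARP_REQUEST, A_MAC, A_IP, ZERO, G_IP),
    build_arp(A_MAC, G_MAC, ARP_REPLY, G_MAC, G_IP, A_MAC, A_IP),
    # X asks for G, G answers X: the one reply a non-mirrored X does see
    build_arp(BROADCAST, X_MAC, ARP_REQUEST, X_MAC, X_IP, ZERO, G_IP),
    build_arp(X_MAC, G_MAC, ARP_REPLY, G_MAC, G_IP, X_MAC, X_IP),
    # B asks for A, A answers B: again X sees only the broadcast request
    build_arp(BROADCAST, B_MAC, ARP_REQUEST, B_MAC, B_IP, ZERO, A_IP),
    build_arp(B_MAC, A_MAC, ARP_REPLY, A_MAC, A_IP, B_MAC, B_IP),
    b"\x00" * 60,  # non-ARP frame, ignored by the parser
]

if __name__ == "__main__":
    for mirrored in (False, True):
        print("mirror port" if mirrored else "plain port",
              "| requests from:", sorted(arp_senders_seen(SAMPLE_FRAMES, X_MAC, ARP_REQUEST, mirrored)),
              "| replies from:", sorted(arp_senders_seen(SAMPLE_FRAMES, X_MAC, ARP_REPLY, mirrored)))
```

On the plain port the script reports replies from 192.168.1.1 only, matching the symptom in the question; with the port mirrored it also reports 192.168.1.11. The opcode check in `arp_senders_seen` is the same test as the tcpdump/BPF filter `arp[6:2] == 2` (the ARP opcode lives at bytes 6 and 7 of the ARP body), which is a convenient capture filter once a mirror port is in place.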
