Re: Capturing network traffic using wireshark remotely

[Jaap Keuter <jaap.keuter () xs4all nl>]

Hi,

That still requires changes to either Machine 1 or Machine 2. See:
http://www.wireshark.org/docs/wsug_html_chunked/ChCapInterfaceRemoteSection.html

No really, you'll have to get into the switch for this.

Thanks,
Jaap

sean bzd wrote:
> Folks,
> Need some advice/help here.
>
> *_We have a scenario:_*
>
> 3 Windows machines all connected to the same Cisco Switch.
> Machine1 and Machine2 are exchanging some data that need to be captured. 
> Ideally, I could install wireshark on either Machine1 or Machine2 and 
> capture all the traffic being exchanged between the two. But since these 
> are production machines, we don't want to change/install anything on 
> these 2 machines. Is there a way I can install wireshark on Machine3 and 
> capture the traffic between Machine1 and Machine2? I know I can do port 
> mirroring on the Cisco switch and capture it from Machine3. But, 
> question is can I get the capture without doing port mirroring? I see 
> that the capture Options dialog box in wireshark has an option for Local 
> Vs. Remote interface? What is it used for? Has anyone used this before?
>
> Thanks for your help.
> Sean.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe