Wireshark mailing list archives
Re: Can't see http packets
From: bart sikkes <b.sikkes () gmail com>
Date: Mon, 15 Mar 2010 11:31:26 +0100
hello, but do you see other traffic then the mentioned broadcast traffic? what about when you test with ping, telnet, ftp, ..... i would focus on checking if you have the port monitoring setup correctly (perhaps try with other systems / ports), wireshark with default settings should just work if the traffic is being provided correctly in my opinion. greetings, bart On Mon, Mar 15, 2010 at 9:52 AM, Ronan SAVY <R.SAVY () reponse fr> wrote:
Lori, Thank for the link but it's what i effectively did, port 16 as monitor and port 25 as mirror (try all option, mirror in, mirror out and both) No luck so far...i keep on searching why I can't see http packet.. though whe I look in my NIC statistics in wireshark I see broadcast an multicast packet -----Message d'origine----- De : Ronan SAVY Envoyé : samedi 13 mars 2010 15:31 À : Community support list for Wireshark Objet : RE : [Wireshark-users] Can't see http packets ok as i said i tried every option of monitoring port, may be the restriction seeing only broadcast come from my switches configuration... any hint where i should have a look on switche restriction? or may be on wireshark checking for unicast incoming, right? ________________________________________ De : wireshark-users-bounces () wireshark org [wireshark-users-bounces () wireshark org] de la part de Martin Visser [martinvisser99 () gmail com] Date d'envoi : samedi 13 mars 2010 11:35 À : Community support list for Wireshark Objet : Re: [Wireshark-users] Can't see http packets My guess is that if you are only seeing NBNS, DHCP, ARP, IGMP protocol packets you are only seeing broadcasts from the rest of the network. You might need to really check that your port mirroring is working correctly. Regards, Martin MartinVisser99 () gmail com<mailto:MartinVisser99 () gmail com> On Sat, Mar 13, 2010 at 2:03 AM, Ronan SAVY <R.SAVY () reponse fr<mailto:R.SAVY () reponse fr>> wrote: Hi I would like to grab the http packet in order to have a clear view of web usage before configuring some kind of filter over my compagnie network. Here is what I installed: I have a Windows XP SP3 workstation with wireshark installed on it and 2 nic one is a nvidia nforce and the other a D-link DFE-530TX I connected the D-link NIC on port 16 of my 3com 2226-SFP Plus Behind my 3 com switch I have 5 3com baseline switches connected in cascade On port 25 of my switch I have a Linksys BEFSX41 with on his wan my FAI modem going out on internet I configured a port mirroring on port 16 from port 25 (I tried mirror in solo, mirror out solo, and both) I checked that the D-link nick can work on promiscuous mode (using promqry) When I launch wireshark from station I can't see any http traffic going out safe from SSDP protocol I also see other packet grab from other machine on my network, packet like : - NBNS - DHCP - ARP - IGMP Even when I browse internet on the workstation where wireshark is installed using the second NIC. I can't see the HTTP request going through May be I did something wrong but I don't know what? I checked the advanced option of my NIC to see if there is Checksum offload option.. but nothing. Any help would be most welcome as I have no more idea on what else I can do. thanks ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org<mailto:wireshark-users () wireshark org>> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org<mailto:wireshark-users-request () wireshark org>?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Can't see http packets Ronan SAVY (Mar 12)
- Re: Can't see http packets Martin Visser (Mar 13)
- RE : Can't see http packets Ronan SAVY (Mar 13)
- Re: RE : Can't see http packets Lori (Mar 13)
- Re: Can't see http packets Ronan SAVY (Mar 15)
- Re: Can't see http packets bart sikkes (Mar 15)
- RE : Can't see http packets Ronan SAVY (Mar 13)
- Re: Can't see http packets Martin Visser (Mar 13)
- Re: Can't see http packets Boonie (Mar 15)