Wireshark mailing list archives

Re: Capturing network traffic using wireshark remotely


From: "Michael Glenn" <MGlenn () cco state oh us>
Date: Thu, 28 Jan 2010 16:22:47 -0500

"But, question is can I get the capture without doing port mirroring?"

Nope; connections on a switch are strictly point-to-point for anything except broadcast packets: Any traffic between 1 & 2 won't even show up on the line to 3.

Only thing I can suggest is that you find a dumb hub (*not* a switch!) and connect it somewhere along the line between 1 & 2, then connect machine #3 to the hub.


sean bzd <seanbzd () gmail com> 01/28/2010 15:21 >>>
Folks,
Need some advice/help here.

We have a scenario:

3 Windows machines all connected to the same Cisco Switch.
Machine1 and Machine2 are exchanging some data that need to be captured. Ideally, I could install Wireshark on either Machine1 or Machine2 and capture all the traffic being exchanged between the two. But since these are production machines, we don't want to change/install anything on these 2 machines. Is there a way I can install Wireshark on Machine3 and capture the traffic between Machine1 and Machine2? I know I can do port mirroring on the Cisco switch and capture it from Machine3. But, question is can I get the capture without doing port mirroring? I see that the Capture Options dialog box in Wireshark has an option for Local vs. Remote interface. What is it used for? Has anyone used this before?

Thanks for your help.
Sean.
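
Added example, not part of the original thread: a Python check that reads a classic pcap saved on Machine3 and counts unicast frames exchanged between other hosts, which is what a hub or mirror port delivers and a plain switch port normally does not. The MAC addresses, frames and helper names are constructed for illustration.

```python
import struct
from collections import Counter

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def classify_pcap(data, my_mac):
    """Count Ethernet frames in a classic pcap by whom they are addressed to."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if len(data) < 24 or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    counts, off = Counter(), 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < max(incl_len, 14):
            counts["short"] += 1          # cut-off record or runt frame
            continue
        dst, src = frame[0:6], frame[6:12]
        if dst[0] & 1:                    # group bit set: broadcast/multicast
            counts["broadcast_multicast"] += 1
        elif my_mac in (dst, src):
            counts["own_unicast"] += 1
        else:                             # unicast between two other hosts
            counts["third_party_unicast"] += 1
    return counts

# Constructed sample data: locally administered MACs for Machine1..3.
M1, M2, M3 = mac("02:00:00:00:00:01"), mac("02:00:00:00:00:02"), mac("02:00:00:00:00:03")
BCAST = mac("ff:ff:ff:ff:ff:ff")

def frame(dst, src):
    return dst + src + b"\x08\x00" + bytes(46)   # IPv4 ethertype, zero padding

def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

OWN = [frame(BCAST, M1), frame(M3, M1), frame(M1, M3)]
SWITCH_PORT = build_pcap(OWN)                                # plain switch port
HUB_PORT = build_pcap(OWN + [frame(M2, M1), frame(M1, M2)])  # hub or mirror port

if __name__ == "__main__":
    for name, cap in (("switch port", SWITCH_PORT), ("hub/mirror", HUB_PORT)):
        print(name, dict(classify_pcap(cap, M3)))
```

On a real capture, judge by the share of `third_party_unicast` rather than a single frame, since a switch can briefly flood unicast for a destination it has not learned yet.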