Wireshark mailing list archives

Re: Capturing network traffic using wireshark remotely


From: Chan Min Wai <dcmwai () gmail com>
Date: Fri, 29 Jan 2010 11:59:03 +0800

If that is a Cisco switch I bet that you can do a port mirroring on the
physically connected port for PC1 and PC2 (any will do)

Then you can "forward" it to your capturing PC.

I don't see any problem there....

Simple.

On Fri, Jan 29, 2010 at 6:28 AM, Jaap Keuter <jaap.keuter () xs4all nl> wrote:

Hi,

A real hub just kills your network performance, can have adverse effects
having your network drop to half duplex.
A network tap could help, or the shark appliance maybe?
https://blog.wireshark.org/2010/01/shark-appliance-preview/

Thanks,
Jaap

Michael Glenn wrote:
"But, question is can I get the capture without doing port mirroring?"

Nope; connections on a switch are strictly point-to-point for anything
except broadcast packets: Any traffic between 1 & 2 won't even show up
on the line to 3.

Only thing I can suggest is that you find a dumb hub (*not* a switch!)
and connect it somewhere along the line between 1 & 2, then connect
machine #3 to the hub.


 >>> sean bzd <seanbzd () gmail com> 01/28/2010 15:21 >>>
Folks,
Need some advice/help here.

We have a scenario:

3 Windows machines all connected to the same Cisco Switch.
Machine1 and Machine2 are exchanging some data that need to be captured.
Ideally, I could install Wireshark on either Machine1 or Machine2 and
capture all the traffic being exchanged between the two. But since these
are production machines, we don't want to change/install anything on
these 2 machines. Is there a way I can install Wireshark on Machine3 and
capture the traffic between Machine1 and Machine2? I know I can do port
mirroring on the Cisco switch and capture it from Machine3. But,
question is can I get the capture without doing port mirroring? I see
that the Capture Options dialog box in Wireshark has an option for Local
vs. Remote interface? What is it used for? Has anyone used this before?

Thanks for your help.
Sean.


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
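
An added illustration, not part of the original thread: a toy Python model of the forwarding behaviour the replies describe (a hub repeats every frame, a switch delivers known unicast to one port only, a mirror copies a monitored port's traffic to the capture port). Port numbers, MAC addresses and all class and function names are constructed for the example.

```python
# Toy model only: constructed ports/MACs, not a capture tool or vendor config.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    """Repeats every frame out of every port except the one it arrived on."""
    def __init__(self, ports):
        self.ports = set(ports)

    def forward(self, in_port, src, dst):
        return self.ports - {in_port}

class Switch(Hub):
    """Learns source MACs; unicast to a known MAC leaves on one port only."""
    def __init__(self, ports, mirror_src=(), mirror_dst=None):
        super().__init__(ports)
        self.mac_table = {}
        self.mirror_src = set(mirror_src)  # ports whose traffic is copied
        self.mirror_dst = mirror_dst       # port the capturing PC sits on

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port
        if dst == BROADCAST or dst not in self.mac_table:
            out = self.ports - {in_port}   # broadcast or unknown unicast: flood
        else:
            out = {self.mac_table[dst]} - {in_port}
        # Mirror: copy frames received on, or sent out of, a monitored port.
        if self.mirror_dst is not None and ({in_port} | out) & self.mirror_src:
            out = out | {self.mirror_dst}
        return out

M1, M2, M3 = "00:00:00:00:00:01", "00:00:00:00:00:02", "00:00:00:00:00:03"
# Constructed traffic: every host broadcasts once (so the switch learns it),
# then Machine1 and Machine2 exchange four unicast frames.
ANNOUNCE = [(1, M1, BROADCAST), (2, M2, BROADCAST), (3, M3, BROADCAST)]
UNICAST = [(1, M1, M2), (2, M2, M1)] * 2

def capture_count(device, port=3):
    """Machine1<->Machine2 frames that reach the capture port (Machine3)."""
    for frame in ANNOUNCE:
        device.forward(*frame)
    return sum(port in device.forward(*frame) for frame in UNICAST)

if __name__ == "__main__":
    ports = {1, 2, 3}
    print("hub:", capture_count(Hub(ports)))
    print("switch, no mirror:", capture_count(Switch(ports)))
    print("switch, mirror port 1 -> 3:",
          capture_count(Switch(ports, mirror_src={1}, mirror_dst=3)))
```

Mirroring either port 1 or port 2 yields the same count, because each frame between the two machines crosses both ports.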

