Wireshark mailing list archives

Re: Capturing network traffic using wireshark remotely


From: "Robert Bayley" <robert.bayley () cacetech com>
Date: Fri, 29 Jan 2010 08:24:20 -0800

You also have the option to set up a Shark Appliance to capture data off the
network span or port tap. Then you can use Pilot Console to remotely attach
to the Shark Appliance. Pilot Console is an enhanced Wireshark visual
analysis toolset. You can display, drill down, rewind, run alerts or report
network events. Check it out at http://www.cacetech.com/

From: wireshark-users-bounces () wireshark org
[mailto:wireshark-users-bounces () wireshark org] On Behalf Of Forthofer Russ
Sent: Thursday, January 28, 2010 12:36 PM
To: 'Community support list for Wireshark'
Subject: Re: [Wireshark-users] Capturing network traffic using wireshark
remotely

Remote capture is a really cool, recent feature, but probably not
applicable here. It would allow you to run rpcapd on Machine1 (or 2), and
then run Wireshark on Machine3 - using Machine1's interfaces as the capture
points. If you don't already have WinPcap installed on Machine1, you would
need to do that. Then you would need to start rpcapd. Based on your
statement that you don't want to change/install anything, this is probably
not the way to go.

The only way to do this non-intrusively (AFAIK) is to span (mirror) the port
on the switch. You could also install a network tap at one of the devices
(Machine1 or 2), but this would require a momentary network interruption.

From: wireshark-users-bounces () wireshark org
[mailto:wireshark-users-bounces () wireshark org] On Behalf Of sean bzd
Sent: Thursday, January 28, 2010 3:22 PM
To: Community support list for Wireshark
Subject: [Wireshark-users] Capturing network traffic using wireshark
remotely

Folks, 

Need some advice/help here.

We have a scenario:

3 Windows machines all connected to the same Cisco Switch.

Machine1 and Machine2 are exchanging some data that need to be captured.
Ideally, I could install Wireshark on either Machine1 or Machine2 and
capture all the traffic being exchanged between the two. But since these are
production machines, we don't want to change/install anything on these 2
machines. Is there a way I can install Wireshark on Machine3 and capture the
traffic between Machine1 and Machine2? I know I can do port mirroring on the
Cisco switch and capture it from Machine3. But the question is, can I get the
capture without doing port mirroring? I see that the Capture Options dialog
box in Wireshark has an option for Local vs. Remote interface. What is it
used for? Has anyone used this before?

Thanks for your help.

Sean.
