Wireshark mailing list archives
Re: RE : Can't see http packets
From: "Lori" <Verdandi () bluewolfspirit com>
Date: Sat, 13 Mar 2010 23:12:22 -0500
You said previously:
I configured a port mirroring on port 16 from port 25 (I tried mirror in solo, mirror out solo, and both)
http://support.3com.com/documents/switches/baseline/Switch_2426_2226_2250_User_Guide.pdf [Page 71 covers Port Mirroring] Port 16 should be set as Port Type Monitor Port 25 should be set as Port Type Mirror
From what I'm reading, your workstation is attached to Port 16 and port 25
is connected to your Internet access device. Hope this helps. Lori ----- Original Message ----- From: "Ronan SAVY" <R.SAVY () reponse fr> To: "Community support list for Wireshark" <wireshark-users () wireshark org> Sent: Saturday, March 13, 2010 9:31 AM Subject: [Wireshark-users] RE : Can't see http packets ok as i said i tried every option of monitoring port, may be the restriction seeing only broadcast come from my switches configuration... any hint where i should have a look on switche restriction? or may be on wireshark checking for unicast incoming, right? ________________________________________ De : wireshark-users-bounces () wireshark org [wireshark-users-bounces () wireshark org] de la part de Martin Visser [martinvisser99 () gmail com] Date d'envoi : samedi 13 mars 2010 11:35 À : Community support list for Wireshark Objet : Re: [Wireshark-users] Can't see http packets My guess is that if you are only seeing NBNS, DHCP, ARP, IGMP protocol packets you are only seeing broadcasts from the rest of the network. You might need to really check that your port mirroring is working correctly. Regards, Martin MartinVisser99 () gmail com<mailto:MartinVisser99 () gmail com> On Sat, Mar 13, 2010 at 2:03 AM, Ronan SAVY <R.SAVY () reponse fr<mailto:R.SAVY () reponse fr>> wrote: Hi I would like to grab the http packet in order to have a clear view of web usage before configuring some kind of filter over my compagnie network. Here is what I installed: I have a Windows XP SP3 workstation with wireshark installed on it and 2 nic one is a nvidia nforce and the other a D-link DFE-530TX I connected the D-link NIC on port 16 of my 3com 2226-SFP Plus Behind my 3 com switch I have 5 3com baseline switches connected in cascade On port 25 of my switch I have a Linksys BEFSX41 with on his wan my FAI modem going out on internet I configured a port mirroring on port 16 from port 25 (I tried mirror in solo, mirror out solo, and both) I checked that the D-link nick can work on promiscuous mode (using promqry) When I launch wireshark from station I can’t see any http traffic going out safe from SSDP protocol I also see other packet grab from other machine on my network, packet like : - NBNS - DHCP - ARP - IGMP Even when I browse internet on the workstation where wireshark is installed using the second NIC… I can’t see the HTTP request going through May be I did something wrong but I don’t know what? I checked the advanced option of my NIC to see if there is Checksum offload option.. but nothing. Any help would be most welcome as I have no more idea on what else I can do. thanks ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org<mailto:wireshark-users () wireshark org>> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org<mailto:wireshark-users-request () wireshark org>?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Can't see http packets Ronan SAVY (Mar 12)
- Re: Can't see http packets Martin Visser (Mar 13)
- RE : Can't see http packets Ronan SAVY (Mar 13)
- Re: RE : Can't see http packets Lori (Mar 13)
- Re: Can't see http packets Ronan SAVY (Mar 15)
- Re: Can't see http packets bart sikkes (Mar 15)
- RE : Can't see http packets Ronan SAVY (Mar 13)
- Re: Can't see http packets Martin Visser (Mar 13)
- Re: Can't see http packets Boonie (Mar 15)