Wireshark mailing list archives

Re: How to use a "wireshark sniffer PC" to capture ftp flows between 2 terminals located on 2 # sub-networks ?

From: <Tim.Poth () bentley com>
Date: Mon, 4 Mar 2013 13:40:25 +0000

Personally if I was remote I would run try running dumpcap or tshark on the server(s) (the non-gui tools are lower 
overhead). There are cases where the load of running on the server will cause problem for the server (took a sql server 
down one time doing this) in those cases you will have to get someone local to 'tap' in using one of the methods on the 
wiki. For these types of situations in the past my company has built a box using a turbocap card and shipped it to a 
client's site to do captures. We give them the login info and got them to upload the data to us. When the issue was 
resolved we had them ship the box back to us.
Every situation is different, try different things until you find one you like / works.

-----Original Message-----
From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of AMEAUME, 
ALAIN (ALAIN)** CTR **
Sent: Friday, March 1, 2013 11:15 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] How to use a "wireshark sniffer PC" to capture ftp flows between 2 terminals located on 
2 # sub-networks ?

Thanks a lot for the info: i decide to insert a hub to simplify my cx -> so that I see all traffic which are 
broadcasted over any ports.

Still asking who to do if i'm very far from the hostA & B? and connected myself on a remote subnet ? maybe using the 
remote mirroring ? but for that i need user account to activate mirror session over switches ! ?

Anyhow, thanks all for your help.

Alain AMÉAUME


-----Message d'origine-----
De : wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] De la part de Tim.Poth 
() bentley com Envoyé : vendredi 22 février 2013 15:26 À : wireshark-users () wireshark org Objet : Re: 
[Wireshark-users] How to use a "wireshark sniffer PC" to capture ftp flows between 2 terminals located on 2 # 
sub-networks ?

There are lots of options for doing this, you might want to start by looking at this 
http://wiki.wireshark.org/CaptureSetup/Ethernet#Switched_Ethernet

You could do the route option but that seems to add a lot of complexity and will change your packet flow which may work 
against why you are capturing in the first place.

Hope that helps


-----Original Message-----
From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of AMEAUME, 
ALAIN (ALAIN)** CTR **
Sent: Friday, February 22, 2013 8:55 AM
To: Community support list for Wireshark
Subject: [Wireshark-users] How to use a "wireshark sniffer PC" to capture ftp flows between 2 terminals located on 2 # 
sub-networks ?

Hi users,

I'm interesting to know how to insert my PC laptop with wireshark as a" PC sniffer" between 2 terminals to capture ftp 
flows between them:

terminal "A" in sub-network x.y.A.1
terminal "B" in sub-network x.y.B.1
my PC laptop "C" on sub-network x.y.A.2 or x.y.B.2

using this configuration, I do not need to install wireshark on A & B !

I suppose that on "A" terminal I need to create a route from A.1 to B.1 passing thru "C", the same relatively to "B", 
then I will need also to declare on my laptop "C" a kind of "gateway" function to re-route the ftp flow, after capture, 
to its original destination  Is it what we call the NAT function on "C": and how to do it on the "C" laptop windows xp 
sp3 ?

Thanks for your help.

Alain
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Re: How to use a "wireshark sniffer PC" to capture ftp flows between 2 terminals located on 2 # sub-networks ? AMEAUME, ALAIN (ALAIN)** CTR ** (Mar 01)
- Re: How to use a "wireshark sniffer PC" to capture ftp flows between 2 terminals located on 2 # sub-networks ? Tim.Poth (Mar 04)
  - Re: How to use a "wireshark sniffer PC" to capture ftp flows between 2 terminals located on 2 # sub-networks ? AMEAUME, ALAIN (ALAIN)** CTR ** (Mar 04)
    - Re: How to use a "wireshark sniffer PC" to capture ftp flows between 2 terminals located on 2 # sub-networks ? Jaap Keuter (Mar 04)
    - Command line WLAN IO graph Steve Evans (Mar 04)
    - Re: How to use a "wireshark sniffer PC" to capture ftp flows between 2 terminals located on 2 # sub-networks ? AMEAUME, ALAIN (ALAIN)** CTR ** (Mar 05)