Wireshark-users: Re: [Wireshark-users] Capturing network traffic using wireshark remotely
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Chan Min Wai <dcmwai@xxxxxxxxx>
Date: Fri, 29 Jan 2010 11:59:03 +0800
If that is a cisco switch I bet that you can do a port mirroring on the Physically connected port for PC1 and PC2 (any will do)

Then you can "forward" it to your capturing PC.

I don't see any problem there....

Simple.

On Fri, Jan 29, 2010 at 6:28 AM, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:
Hi,

A real hub just kills your network performance, can have adverse effects having
your network drop to half duplex.
A network tap could help, or the shark appliance maybe?
https://blog.wireshark.org/2010/01/shark-appliance-preview/

Thanks,
Jaap

Michael Glenn wrote:
> "But, question is can I get the capture without doing port mirroring?"
>
> Nope; connections on a switch are strictly point-to-point for anything
> except broadcast packets: Any traffic between 1 & 2 won't even show up
> on the line to 3.
>
> Only thing I can suggest is that you find a dumb hub (*not* a switch!)
> and connect it somewhere along the line between 1 & 2, then connect
> machine #3 to the hub.
>
>
>  >>> sean bzd <seanbzd@xxxxxxxxx> 01/28/2010 15:21 >>>
> Folks,
> Need some advice/help here.
>
> *_We have a scenario:_*
>
> 3 Windows machines all connected to the same Cisco Switch.
> Machine1 and Machine2 are exchanging some data that need to be captured.
> Ideally, I could install wireshark on either Machine1 or Machine2 and
> capture all the traffic being exchanged between the two. But since these
> are production machines, we don't want to change/install anything on
> these 2 machines. Is there a way I can install wireshark on Machine3 and
> capture the traffic between Machine1 and Machine2? I know I can do port
> mirroring on the Cisco switch and capture it from Machine3. But,
> question is can I get the capture without doing port mirroring? I see
> that the capture Options dialog box in wireshark has an option for Local
> Vs. Remote interface? What is it used for? Has anyone used this before?
>
> Thanks for your help.
> Sean.
>

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe