Hi
I would like to grab the http packet in
order to have a clear view of web usage before configuring some kind of filter
over my compagnie network.
Here is what I installed:
I have a Windows XP SP3 workstation with
wireshark installed on it and 2 nic one is a nvidia nforce and the other a
D-link DFE-530TX
I connected the D-link NIC on port 16 of my
3com 2226-SFP Plus
Behind my 3 com switch I have 5 3com
baseline switches connected in cascade
On port 25 of my switch I have a Linksys BEFSX41
with on his wan my FAI modem going out on internet
I configured a port mirroring on port 16
from port 25 (I tried mirror in solo, mirror out solo, and both)
I checked that the D-link nick can work on
promiscuous mode (using promqry)
When I launch wireshark from station I can’t
see any http traffic going out safe from SSDP protocol
I also see other packet grab from other
machine on my network, packet like :
-
NBNS
-
DHCP
-
ARP
-
IGMP
Even when I browse internet on the
workstation where wireshark is installed using the second NIC… I can’t
see the HTTP request going through
May be I did something wrong but I don’t
know what? I checked the advanced option of my NIC to see if there is Checksum
offload option.. but nothing.
Any help would be most welcome as I have no
more idea on what else I can do.
thanks
