We are replacing Distributed Sniffers with PCs running Wireshark. I'm used to a 2 NIC scenario: one to do the monitoring and one for communications. As we will be running these boxes remotely, are 2 NICs needed/recommended/not needed?

Thanks.

asked 06 Aug '12, 06:25

SteveBrady


I would say recommended. Makes life easier:

  • you don't need to remember to filter out your own traffic
  • you can sniff passively (Windows: remove all services/protocols from the sniffer interface)
  • you can reach it even if the network connected to the sniffer port is down (if the networks are separated)

answered 06 Aug '12, 07:12

Jaap ♦