Hello, I have a critical issue with wireshark. I need to record my traffic on a lan, of one of my machine's ip. But when filtering on that IP and Port, i get nothing. (all the other traffic on lan i see perfect). This is critical for us to record this traffic, We have tried many workarounds such as switching between nic's and so on. Can you please Help? Thank you very much Lior. asked 08 Mar '11, 19:16  liorbnz |
One Answer:
You can distinguish between a faulty capture setup and a filtering problem by checking whether capturing without a filter is showing (unicast) packets for the IP you are trying to monitor. If it does, your capture setup is OK and you should focus on the filtering. If it does not, you need to focus on how to capture the packets. How are the systems connected? In particular, how are the machine you are trying to monitor and the capturing PC connected? Are you using span ports? HUB's? TAP's? to get the traffic to your capturing PC? Please have a look at http://wiki.wireshark.org/CaptureSetup to see whether the capture setup you are using could be faulty for this job? answered 09 Mar '11, 02:06  SYN-bit ♦♦ |
