Does Wireshark have the capability to use remote capture agents in order to get an n-tier view of network traffic? i.e. Client -> Web Server -> App Server -> DB Server -> Mainframe... There are a number of non-open-source tools that do this very well (Compuware's GTTA product is particularly good in this area). It would be cool if you could do similar with Wireshark. (Or maybe you already can?)

asked 04 Dec '13, 06:02 Ian Molyneaux
2 Answers:
Wireshark can do that, e.g. when using the rpcapd capture daemon. If you open the capture options and click on the "Manage Interfaces" button you can see that there is a tab for remote interface configuration, where you can configure the details of the remote capture PC.

answered 04 Dec '13, 06:12 Jasper ♦♦
Yes, as @Jasper said, with rpcapd (part of WinPcap). rpcapd works on Linux as well (maybe also UNIX/*BSD), if you compile it from source. Please don't expect to get a rock stable, production quality tool, as it is not. It works, but ....
Well, Wireshark isn't necessarily the right tool for that kind of approach. Yes, you could probably build something similar with rpcapd, but I wouldn't do it. Wireshark is superior for manual capture file analysis, but there are better tools to build a whole capturing infrastructure, with capture file indexing, archiving, etc.

Regards

answered 09 Apr '14, 13:33 Kurt Knochner ♦
How do I capture the traffic from my client on a network that has an IP range different from mine?
Currently I communicate with him through the VPN network.
Can you help me, please?