How do i connect wireshark to a router, so that i can view the packets that are flowing through the router? Maybe if there is something like this: dst host xxx.xxx.xxx.xxx . Am I on the right way? asked 27 Jan '14, 08:01  Beginer |
One Answer:
You can't "connect" Wireshark to a router. You can only capture packets on a system that Wireshark runs on, or open a capture file that was already saved to disk by TCPdump or similar tools. So no, unfortunately you're not on the right way. You need to find out if your router has a feature to write packets to disk/sdcard/usb key, otherwise you're out of luck. Maybe it has a port mirroring feature ("SPAN") that allows you to copy packets to an interface Wireshark listens on though. answered 27 Jan '14, 08:10  Jasper ♦♦ showing 5 of 11 show 6 more comments |
ohh.. i thought if I will be able to "connect" to router, so i will be able to trace all files whitch are traveling through router. If I write a filter dst host xxx.xxx.xxx.xxx , i can see only my traffic.
yes, because only packets that the router forwards to your PC will be captured. You'd need to get to the "inner workings" of the router to capture all its packets, and you can't do that from the outside.
So is there any option, any filter to get traffic that are traveling in whole network?
Unfortunately not anymore. In the past, when we were using "hubs" you could do that, because the whole network was half duplex and every packet was forwarded on every port. Since we're now on full duplex networks using switches it does not longer work that way. With the only exception of WiFi, of course, because with enough antennas you can capture everything (but not read it probably, because it should be encrypted).
So i will not be able to scan whole network. Thanks you've been helpful :)
Uhm, scanning is not the same as capturing. Scanning is an active process of sending packets to all nodes, while capturing is passive, collecting packets from other nodes. If you need to scan the network for active nodes, ports, etc, you should take a look at nmap. It can scan whole networks (depending on its size, and if you have the time)
Oh so it is not over yet. I think that i expressed wrong, sorry. But i was looking for nmap filter but i didnt find it? Probably i need to create it, am i right?
nmap is not a filter. It's a tool: http://nmap.org/
Sorry because i am stupid. I am starting to using wireshark. Thanks for all help you gave me.
No problem. Starting on a new topic is always hard. Just don't give up, and you'll get there ;-)
Thanks, i kinda like to learn more about wireshark. I hope i wont stop because it is probably amazing tool :)