Ask Your Question
0

From where does wireshark get the traffic? Where does it reside?

asked 2019-08-08 16:44:14 +0000

Keerthi gravatar image

It's awesome. But I would like to know from where does wireshark get the info about the packets running through the network. I mean... Where does it reside? We install it in our system but could catch the packets in the whole network... so excited to know more about the working of this really awesome tool... I would like to know the working of wireshark in more detail.

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
1

answered 2019-08-08 17:43:45 +0000

Guy Harris gravatar image

Wireshark gets the raw octets in the packets on a network from a network adapter (NIC) connected to that network, just as the networking stack on your machine (the software that implements TCP/IP) does. If a NIC on your machine didn't receive those packets, your machine wouldn't be able to communicate on the network to which that NIC is connected.

If you want to know how a NIC receives packets, you'll have to look up how that type of NIC works; that's not a Wireshark issue - Wireshark's just a user of the NIC.

If it's getting traffic that's not explicitly being sent to your machine and neither being broadcast nor multicast, the NIC is probably in promiscuous mode or monitor mode.

edit flag offensive delete link more
0

answered 2019-08-08 16:58:51 +0000

grahamb gravatar image

You seem to have a few basic questions. Have you read the Wireshark User's Guide, there's lots of helpful info there?

edit flag offensive delete link more

Comments

Yes. I read the starting pages of that. But I couldn't find where does it reside. Sitting in our system, how could it get the packets running throughout the network even if it is public? I am wondered

Keerthi gravatar imageKeerthi ( 2019-08-08 17:26:28 +0000 )edit

Wireshark, in general, captures the traffic that passes the Network Interface Cards( NICs) on the host on which Wireshark is running. Those NICs are in turn connected to a physical network, usually switched Ethernet.

grahamb gravatar imagegrahamb ( 2019-08-08 17:38:37 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-08-08 16:44:14 +0000

Seen: 541 times

Last updated: Aug 08 '19