This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Which NIC do I capture on?

0

Hello, I would like to analyze my network using Wireshark. The problem is I have one internet connection, but two networks which run from the one connection. This means that on my admin computer, I have two NICs, one for each network.

My question is, say I wanted to monitor internet protocols, how could I work out which NIC my computer is using to get a route outside to the internet? Would I need to check the routing table?

Both NICs have a connection to the internet and they both point to DNS servers on their own network. If I were to unplug one connection, the internet would continue to run on the other NIC and vice versa.

Any help would be great.

asked 25 Apr '12, 06:22

computer_guy


One Answer:

1

Well, you're not saying which OS you're using, but if you're multihomed with two or more adapters that both have a default gateway that points to the internet, the OS decides which card is preferred. So depending on your OS you could try to look it up somewhere, but why not go for a short trial & error?

Capture on each interface, one after the other, and do something on the internet. If Wireshark shows packets coming in and going out, you've got the interface that has preference. If you see traffic on both, well, you're even wiser, because that means you'll have to capture both to get it all.

By the way, the current development version 1.7.x can capture on multiple NICs at the same time, so it might be worth trying it. But be aware that packets might get into the capture in the wrong order (happens to me all the time).

answered 25 Apr '12, 06:28

Jasper ♦♦

Hi, thanks for your detailed answer. I had no idea about 1.7.x and you are right, it does do multiple NICs, which is perfect.

I have found one way of working out which adapter the OS is using... When selecting capture interfaces on Wireshark, it shows a preview screen which shows the NICs and live packet transfers. Whichever NIC has the most transfer must be the one the OS is using!

Thanks again for your useful post.

(27 Apr '12, 01:54) computer_guy
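
One OS-independent way to do the lookup the answer mentions, as an added example that is not part of the original thread: ask the OS which local address it would pick for a given destination, then capture on the NIC that owns that address. The function names and the sample destinations (documentation-range addresses standing in for an internet host and a DNS server) are assumptions made for this sketch.

```python
import socket


def source_address_for(dest_ip, port=53):
    """Return the local IP the OS would use to reach dest_ip, or None if it has no route."""
    family = socket.AF_INET6 if ":" in dest_ip else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        try:
            # connect() on a UDP socket sends no packet; it only makes the OS
            # perform its route lookup and bind the preferred source address.
            s.connect((dest_ip, port))
        except OSError:
            # No usable route (for example, no default gateway at all).
            return None
        return s.getsockname()[0]


def egress_report(destinations):
    """Group destinations by the local address the OS selects for each one."""
    report = {}
    for dest in destinations:
        report.setdefault(source_address_for(dest), []).append(dest)
    return report


if __name__ == "__main__":
    # Constructed sample destinations: replace with an internet host and the
    # DNS servers of each of your networks. 192.0.2.1 and 198.51.100.53 are
    # documentation addresses, so they follow the default route.
    targets = ["192.0.2.1", "198.51.100.53", "127.0.0.1"]
    for local_ip, dests in egress_report(targets).items():
        label = local_ip if local_ip else "no route"
        print(f"{label}: {', '.join(dests)}")
```

Match each printed local address against the IP address configured on each NIC to see which interface to capture on. If different destinations map to different local addresses, traffic is split across both NICs and both need capturing.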