Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Considerations for running Wireshark through a core switch

I have a customer who has a remote office that is connected to their main office. The main office provides the Internet connection for that remote office. I have a call with the customer tomorrow to get more details (is the connection setup over VPN, what kind of router/switches they have, are they using NAT?, etc.), but over the next week, the customer would like me to connect a laptop with Wireshark to the core switch at the main office to attempt to capture traffic from one computer at the remote office to the Internet.

Do any of you have thoughts or recommendations on things I should take into consideration? I'm thinking I simply need to setup port spanning on the core switch port that is used as the uplink to the remote site, sending traffic to the port I've plugged my laptop into AND setup a capture filter to ONLY capture data on that port that is coming from that one computer on the remote network. Am I missing anything? Thank you.