How to avoid traffic generated by the capturing laptop?

Dear friends,

This is the scenario: there is a wireless Ethernet connection between a Modbus client and a server. There is an administrable L2 switch connecting them. I need to capture and analyze the traffic between both pieces of equipment using a laptop with Wireshark installed and a physical Ethernet connection to the administrable switch.

The normal procedure is to configure a mirror port in the L2 switch, mirroring the traffic of the connection port to the client (or server), and to connect to this mirror port.

After the capture is done, the packet analysis shows the traffic generated between client and server as expected, but it also shows traffic generated by the connection of the laptop to the switch (it shows the MAC / IP of the laptop). I can also detect that some of the packets generated by the laptop go through the wireless connection.

You would probably advise using a filter, applied after the capture, to exclude the traffic generated by the laptop, which solves the analysis problem. But in this particular case it is required to avoid the traffic generated by the laptop during the capture, because the wireless link is bandwidth limited (it is an industrial 400 MHz radio link of 170 kbps), so it is very sensitive to any additional traffic.

So, in this scenario, my question is: what would be the correct way (equipment, connection, configuration) for a "strictly hearing" capturing procedure, avoiding any traffic generated by the connection of the capturing laptop? Is it possible in the first place?

Thank you in advance for your help!