Using Wireshark


  1. St4vr0s
    Posts : 23
    Windows 7 Professional X64
       New #1

    Using Wireshark


    Hi, I am having problems with my anti virus on one of my servers. the tech support of the company have asked me to take a capture using wireshark while the anti virus is trying to update. I am however finding a problem with this. For obvious reasons I do not want to send them a full scan of my network...so I was hoping that if I run wireshark off my windows 7 workstation and apply a filter to wireshark so it only gathers packets from the servers IP address, then on the server set the antivurs to update will this collect the information?

    If I do this when im RDC'd into the server it only records packets between me and the server not the server and sophos. I am sure this is a problem with the filter I am applying in Wireshark which is "host XX.X.X.X".

    I dont supose anyone is experienced with wireshark that would be able to shed any light on where I am going wrong.

    Thanks in advance
      My Computer
    Quote Quote

  3. RayFinkle
    Posts : 52
    Windows 7 Pro 64bit
       New #2

    If you are on a switch, as opposed to a hub, you cannot use Wireshark the way you seem to think it works. Wireshark can only capture packets on the PC's interface where it is installed. You cannot tell it to capture packets on host xx's interface. A switch does not send all frames to all hosts. A switch learns the MAC addresses of the hosts and sends the frames to the corresponding interface. You must either run Wireshark on the host's interface where you want to capture the traffic; or you can do something like SPAN (or port mirroring) if your switch supports it.....ie, Cisco (SPAN), or Juniper (port mirroring)
      My Computer
    Quote Quote

  4. jfernandez
    Posts : 1
    Windows 7 Enterprise
       New #3

    Hi there,
    I found your details online and thought you might be able to help me. I’m working on the next e-zine for SearchNetworking.co.uk, which is focused on Next Generation Network Management.
    I wonder if you could help me with the piece. We want users to tell us about their experiences with Wireshark or any other next generation management system. The case study can be about EITHER cloud/virtualization networking management OR 40/100 Gigabit networking and management.
    Your experience looked like a good fit so I hope you can help me. Let me know your thoughts.
    Best
    Joe
    Joe Fernandez | TechTarget Ltd
    News Editor, Networking Media Group (Networking technology information, news and tips - SearchNetworkingUK)
    Office 410 - 417,
    4th Floor,
    Marble Arch Tower,
    London, W1G 0PW
    Office: +44 (0)207 868 4288
    Mobile: +44 (0)7717 532261
    AIM/Twitter: Joe_M_Fernandez
    Skype: joefernandez1985
    E-mail: jfernandez@techtarget.com
    TechTarget Ltd
    Where Serious Technology Buyers Decide
    www.techtarget.com
      My Computer
    Quote Quote

 

  Related Discussions
There is an application which download few files. I want to know the download link of those files. Can you tell me how you do. I know nothing about wireshark but know it can work. Or suggest me something else.
Wireshark?
in Network & Sharing

Can someone explain to me what wireshark is and what it does and what everything in this image represents.
WireShark
in Network & Sharing

The other day I installed WireShark 1.6.3 to see what's going on on my network more especially concerning DNS Traffic. So I filtered DNS traffic and I saw DNS questions asked on my local DNS Server (BIND). What I would like to know is: is it possible to see WHAT application asks DNS questions?...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 03:42.
Find Us