Using Wireshark

St4vr0s

Hi, I am having problems with my antivirus on one of my servers. The tech support of the company have asked me to take a capture using Wireshark while the antivirus is trying to update. I am however finding a problem with this. For obvious reasons I do not want to send them a full scan of my network, so I was hoping that if I run Wireshark off my Windows 7 workstation and apply a filter to Wireshark so it only gathers packets from the server's IP address, then on the server set the antivirus to update, will this collect the information?

If I do this when I'm RDC'd into the server it only records packets between me and the server, not the server and Sophos. I am sure this is a problem with the filter I am applying in Wireshark, which is "host XX.X.X.X".

I don't suppose anyone experienced with Wireshark would be able to shed any light on where I am going wrong?

Thanks in advance
 

If you are on a switch, as opposed to a hub, you cannot use Wireshark the way you seem to think it works. Wireshark can only capture packets on the interface of the PC where it is installed. You cannot tell it to capture packets on host xx's interface. A switch does not send all frames to all hosts. A switch learns the MAC addresses of the hosts and sends the frames to the corresponding interface. You must either run Wireshark on the interface of the host where you want to capture the traffic, or you can do something like SPAN (or port mirroring) if your switch supports it, i.e. Cisco (SPAN) or Juniper (port mirroring).
 

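The point of the reply above is that a capture filter such as `host XX.X.X.X` only chooses among frames the capturing NIC already receives; on a switched LAN the workstation's NIC sees the RDP session with the server and nothing else. The practical way round that, without SPAN, is to capture on the server itself and then trim the capture to the server's own conversations before handing it to the vendor, so that unrelated traffic from the rest of the network is never shared. The following Python script is an added example written for this thread, not code from the forum or from Sophos or Wireshark: it reads a classic little-endian pcap file (not pcapng) with Ethernet framing, keeps only packets where a given IPv4 address is the source or destination, and writes the rest out unchanged. The addresses (192.0.2.10 as the server, 198.51.100.5 as the update host) and the frames are constructed sample data; on a real capture you would point `filter_pcap` at the file produced on the server.

```python
import ipaddress
import struct

PCAP_MAGIC = 0xA1B2C3D4        # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
GLOBAL_HEADER_LEN = 24
RECORD_HEADER_LEN = 16


def build_pcap(frames):
    """Assemble a classic little-endian pcap file from raw Ethernet frames.

    Used here only to construct sample input; a real capture comes from
    Wireshark/dumpcap on the server (hypothetical usage, not this script).
    """
    header = struct.pack('<IHHiIII', PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = b''.join(
        struct.pack('<IIII', i, 0, len(f), len(f)) + f   # ts_sec, ts_usec, incl_len, orig_len
        for i, f in enumerate(frames)
    )
    return header + records


def frame_ips(frame):
    """Return (src, dst) IPv4 strings for an Ethernet/IPv4 frame, else None."""
    if len(frame) < 34 or frame[12:14] != b'\x08\x00':   # EtherType 0x0800 = IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4                          # IPv4 header length in bytes
    if ihl < 20 or len(frame) < 14 + ihl:
        return None
    src = str(ipaddress.IPv4Address(frame[26:30]))
    dst = str(ipaddress.IPv4Address(frame[30:34]))
    return src, dst


def filter_pcap(data, host):
    """Keep only records whose IPv4 src or dst equals `host`.

    Returns (filtered_pcap_bytes, kept_count, total_count). Non-IPv4 frames
    (ARP, IPv6, ...) are dropped because they cannot be tied to the host address.
    """
    magic, = struct.unpack('<I', data[:4])
    if magic != PCAP_MAGIC:
        raise ValueError('only little-endian classic pcap is handled (not pcapng)')
    out = [data[:GLOBAL_HEADER_LEN]]                      # global header is copied as-is
    kept = total = 0
    offset = GLOBAL_HEADER_LEN
    while offset + RECORD_HEADER_LEN <= len(data):
        _, _, incl_len, _ = struct.unpack('<IIII', data[offset:offset + RECORD_HEADER_LEN])
        record_end = offset + RECORD_HEADER_LEN + incl_len
        frame = data[offset + RECORD_HEADER_LEN:record_end]
        total += 1
        ips = frame_ips(frame)
        if ips and host in ips:
            out.append(data[offset:record_end])           # record header + frame, unmodified
            kept += 1
        offset = record_end
    return b''.join(out), kept, total


def ipv4_frame(src, dst, payload=b''):
    """Build a minimal Ethernet/IPv4 frame for the constructed sample below."""
    eth = b'\x00\x11\x22\x33\x44\x55' + b'\x66\x77\x88\x99\xaa\xbb' + b'\x08\x00'
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return eth + ip + payload


# Constructed sample traffic (documentation address ranges, not real hosts).
SERVER = '192.0.2.10'
SAMPLE_FRAMES = [
    ipv4_frame(SERVER, '198.51.100.5', b'update-request'),   # server -> update host
    ipv4_frame('198.51.100.5', SERVER, b'update-reply'),     # update host -> server
    ipv4_frame('192.0.2.20', SERVER, b'rdp'),                # workstation RDP to server
    ipv4_frame('192.0.2.30', '198.51.100.7', b'unrelated'),  # another host; must be dropped
    b'\x00' * 12 + b'\x08\x06' + b'\x00' * 28,               # ARP frame; not IPv4, dropped
]


def demo():
    """Filter the constructed capture down to the server's traffic."""
    filtered, kept, total = filter_pcap(build_pcap(SAMPLE_FRAMES), SERVER)
    return kept, total, len(filtered)


if __name__ == '__main__':
    kept, total, size = demo()
    print(f'kept {kept} of {total} packets, {size} bytes written')
```

Running it on the sample keeps the three server conversations and drops the unrelated host and the ARP frame. On the server itself the capture can be taken with Wireshark's capture filter field, or with `dumpcap`/`tshark` using `-i <interface> -f "host 192.0.2.10" -w capture.pcap` (save as classic pcap, since this script does not read pcapng); the filter then has the effect the original post expected, because the server's NIC is the one that actually sees the update traffic.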
Hi there,
I found your details online and thought you might be able to help me. I’m working on the next e-zine for SearchNetworking.co.uk, which is focused on Next Generation Network Management.
I wonder if you could help me with the piece. We want users to tell us about their experiences with Wireshark or any other next generation management system. The case study can be about EITHER cloud/virtualization networking management OR 40/100 Gigabit networking and management.
Your experience looked like a good fit so I hope you can help me. Let me know your thoughts.
Best
Joe
Joe Fernandez | TechTarget Ltd
News Editor, Networking Media Group (Networking technology information, news and tips - SearchNetworkingUK)
Office 410 - 417,
4th Floor,
Marble Arch Tower,
London, W1G 0PW
Office: +44 (0)207 868 4288
Mobile: +44 (0)7717 532261
AIM/Twitter: Joe_M_Fernandez
Skype: joefernandez1985
E-mail: [email protected]
TechTarget Ltd
Where Serious Technology Buyers Decide
www.techtarget.com
 
