crp, Posted September 9, 2014

So I set up a laptop with Wireshark to monitor a PC that is having performance issues. I set up a filter of host 192.168.1.101 and the display only shows traffic originating with 192.168.1.101 but none where it is the target. I even tried a filter of (src host 192.168.1.101 or dst host 192.168.1.101) and same thing.

Guest LilBambi, Posted September 10, 2014

This might help:

After installing and launching Wireshark, you’ll want to capture some network traffic. Choose Capture and then Options. Select the correct interface, and click Start. Once you have an idea of what kind of traffic you’re looking for, you can use the filters feature to capture specific packet types or omit specific traffic types.

On the Options menu, you can also specify the amount of time or amount of data you want Wireshark to capture before stopping. This is useful since if Wireshark is run for an extended period of time, the file sizes can become unmanageably large.

Click Start, and you’ll see traffic flowing in real time. If you haven’t configured an automatic stop, stop Wireshark when you’ve captured as much data as you want.

crp, Posted September 30, 2014

> Hi, crp, how is the laptop monitoring the PC? If the laptop and PC are plugged into the same switch, the only traffic you will see is broadcast traffic, as the switch will not pass packets bound for the PC to your laptop. That is by design. There are switches that can intentionally pass packets from the PC's port to the laptop's too - that is called "port monitoring" or "span". You'd have to google the model of the switch to see if it is even capable of such. Less expensive switches won't do that.
> rsvp

As I found out. I thought the dumb type (unmanaged) switches would be the ones that would enable 2 PCs on the same switch. Apparently not, which makes Wireshark close to useless unless one hacks one's own network, by using Cain & Abel to ARP poison. :sigh:

goretsky, Posted October 1, 2014

Hello,

The other option would be to get an old 10Mbit/s Ethernet hub and plug both computers into that. On a hub environment, all traffic across the wire can be seen. These days, you wouldn't want to run any production gear at that speed, but it's fine for troubleshooting.

Regards,

Aryeh Goretsky
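
The switch-versus-hub visibility discussed in this thread can be checked from the captured frames themselves. The following is an added example, not part of any post above: it sorts frames involving 192.168.1.101 into flooded (broadcast/multicast destination MAC) and unicast, and reports what the capture point can see. The MAC addresses, the peer 192.168.1.1 and the sample frames are constructed, and untagged Ethernet II framing is assumed.

```python
import socket
import struct
from collections import Counter

def classify(frame, host_ip):
    """Bucket one untagged Ethernet II frame relative to host_ip (None if unrelated)."""
    if len(frame) < 34:
        return None
    host, ethertype = socket.inet_aton(host_ip), struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x0800:                          # IPv4: source at 26, destination at 30
        src_ip, dst_ip = frame[26:30], frame[30:34]
    elif ethertype == 0x0806 and len(frame) >= 42:   # ARP: sender IP at 28, target IP at 38
        src_ip, dst_ip = frame[28:32], frame[38:42]
    else:
        return None
    kind = "flooded" if frame[0] & 1 else "unicast"  # group bit set: sent to every switch port
    if src_ip == host:
        return "from_host_" + kind
    return "to_host_" + kind if dst_ip == host else None

def diagnose(frames, host_ip):
    counts = Counter(filter(None, (classify(f, host_ip) for f in frames)))
    if not counts:
        verdict = "no traffic for host"
    elif counts["from_host_unicast"] + counts["to_host_unicast"] == 0:
        verdict = "flooded frames only: capture port is behind a switch"
    elif counts["from_host_unicast"] and counts["to_host_unicast"]:
        verdict = "both directions visible: hub, SPAN port, or capture on the host"
    else:
        verdict = "unicast in one direction only"
    return dict(counts), verdict

# --- constructed sample frames (MACs and 192.168.1.1 are made up) ---
PC, GW, BCAST = "020000000101", "020000000001", "ffffffffffff"
def eth(dst, src, ethertype, payload):
    return bytes.fromhex(dst + src) + struct.pack("!H", ethertype) + payload
def ipv4(src, dst):  # minimal 20-byte header, UDP protocol number, zero checksum
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))
def arp_request(mac, src, dst):
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, bytes.fromhex(mac),
                       socket.inet_aton(src), bytes(6), socket.inet_aton(dst))
SWITCHED = [eth(BCAST, PC, 0x0806, arp_request(PC, "192.168.1.101", "192.168.1.1")),
            eth(BCAST, PC, 0x0800, ipv4("192.168.1.101", "192.168.1.255"))]
HUB = SWITCHED + [eth(GW, PC, 0x0800, ipv4("192.168.1.101", "192.168.1.1")),
                  eth(PC, GW, 0x0800, ipv4("192.168.1.1", "192.168.1.101"))]

if __name__ == "__main__":
    print(diagnose(SWITCHED, "192.168.1.101"), diagnose(HUB, "192.168.1.101"))
```

To run it on a real capture, feed `diagnose` the raw frame bytes from whatever pcap reader is already in use.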