spyjas.blogg.se

Wireshark capture filter for subnet range






There is a learning curve with Wireshark. You'll need to have Wireshark (WS) be able to see the network traffic at the workstation's NIC.

Way 1: Install Wireshark on the workstation. I don't recommend this because it's going to change the test environment.

Way 2: Use a switch's "port mirror" function to send all of the traffic that normally goes to the workstation port also to a second port. Install Wireshark on a different, test workstation or laptop and connect it to the mirror port on the switch. If the switch that is currently serving your workstation doesn't support mirroring or doesn't have an extra port, put a new, temporary switch between the workstation and the wall jack. Connect both the workstation and the Wireshark machine to the switch and set up mirroring.

Assuming that WS can now see all the traffic going to the workstation, you'll want to set up a capture filter.

A. Capture only packets with source IP = 1.2.3.1 and destination IP = 1.2.3.2
B. Capture only packets with dest IP = 1.2.3.1 and src IP = 1.2.3.2
C. Capture only packets with source IP = 1.2.3.1 and destination IP = 216.58.213.175
D.

Instructions for setting up capture filters in WS are available online. After that, you just say "go" and it will show all the packets/frames in real time. If you've never used WS, plan on spending 3.5-4 hours to get this working.

As others have said, there are other options, but Wireshark is the de facto standard when it comes to traffic monitoring. The newest version, Wireshark 2, has a user interface that is much less intimidating than its predecessor. When opening the program, you will be presented with a white screen to either open a saved capture or start a new one. In the capture filter area you will select your interface and enter a filter. Here is where it can get tricky, because there are multiple ways to accomplish similar ends.

The most straightforward way is to only look for packets from the remote end. For example, if you're monitoring the mirrored traffic of 1.2.3.1, set your filter to "host 1.2.3.2" to only see packets to/from that device. Be aware that this might include multicast traffic and such from 1.2.3.2 that isn't destined for 1.2.3.1, however. A more complex filter will be harder to enter but give you more defined results.

Wireshark can get tricky because the flexibility allows multiple ways to accomplish nearly the same thing, depending on what exactly you're looking for. Watch some tutorials and look at some guides if you can and it will start to make sense.
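The filters A to C and the "host 1.2.3.2" filter described above, written in capture-filter syntax and run against a few constructed packets. This is an added example, not part of the original post: the matcher is a simplified model of the `host`/`net` primitives joined by `and`, not libpcap itself, and the 1.2.3.0/24 range and the sample packets are assumptions.

```python
import ipaddress

# Constructed sample packets as (source IP, destination IP).
PACKETS = [
    ("1.2.3.1", "1.2.3.2"),
    ("1.2.3.2", "1.2.3.1"),
    ("1.2.3.1", "216.58.213.175"),
    ("1.2.3.2", "224.0.0.251"),   # multicast sent by 1.2.3.2
    ("1.2.3.7", "1.2.3.1"),       # another host on the assumed subnet
]

FILTERS = {
    "A": "src host 1.2.3.1 and dst host 1.2.3.2",
    "B": "dst host 1.2.3.1 and src host 1.2.3.2",
    "C": "src host 1.2.3.1 and dst host 216.58.213.175",
    "remote end only": "host 1.2.3.2",
    "both ends": "host 1.2.3.1 and host 1.2.3.2",
    "subnet": "net 1.2.3.0/24",   # assumed range, not from the page
}

def parse(filter_text):
    """Turn 'src host X and net Y/len ...' into (direction, network) terms."""
    terms = []
    for clause in filter_text.split(" and "):
        words = clause.split()
        direction = words.pop(0) if words[0] in ("src", "dst") else "either"
        kind, value = words
        if kind not in ("host", "net"):
            raise ValueError("unsupported primitive: " + clause)
        network = ipaddress.ip_network(value)  # bare address becomes a /32
        if kind == "host" and network.num_addresses != 1:
            raise ValueError("host takes a single address: " + clause)
        terms.append((direction, network))
    return terms

def matches(filter_text, src, dst):
    """True when every 'and'-joined term accepts the packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for direction, network in parse(filter_text):
        hit = {"src": src in network, "dst": dst in network,
               "either": src in network or dst in network}[direction]
        if not hit:
            return False
    return True

def selected(filter_text):
    """Indexes of the sample packets the filter would capture."""
    return [i for i, (s, d) in enumerate(PACKETS) if matches(filter_text, s, d)]

if __name__ == "__main__":
    for name, text in FILTERS.items():
        print(f"{name:16} {text:48} -> {selected(text)}")
```

The "remote end only" row picks up the multicast packet from 1.2.3.2, while "both ends" drops it; the filter strings themselves can be pasted into Wireshark's capture filter field.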






