Wireshark-users: Re: [Wireshark-users] Connecting to a remote device

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 7 Feb 2007 19:36:23 -0800

On Feb 7, 2007, at 7:16 PM, Brian Wallen wrote:

I'm currently running a Watchguard Firewall box and using the Windows
program Winsyslog to monitor its traffic.

"Monitor its traffic" in what sense?

The WinSyslog I found with Google is a syslog daemon, meaning that it receives syslog protocol (RFC 3164):

	http://www.ietf.org/rfc/rfc3164.txt

packets and logs the messages in them.

If that's the program you're running, that's not monitoring raw network traffic, it's just monitoring messages that the Watchguard box is sending, just as the syslog daemon that comes with UN*X systems can do.

Is there a way I can make
wireshark remotely connect to my firewall the same way that Winsyslog does?

If "the same way that Winsyslog does" is referring to logging syslog messages, no, you can't - Wireshark is a raw network traffic capture and analysis program, not a higher-level "system monitoring" program to watch things such as syslog messages. (It can dissect the syslog protocol, but that no more makes it a syslog monitoring program than does its capability to dissect the HTTP protocol make it a Web browser.)
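
Added example, not part of the original message and not code from WinSyslog or Wireshark: a minimal sketch of what a syslog daemon does with each RFC 3164 datagram it receives, which is to split the header and log the message rather than capture raw traffic. The sample datagram, the hostname fw01 and the tag firewalld are constructed for illustration.

```python
import re
import socket

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 3164 section 4.1 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[PID]: CONTENT
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\s:\[]{1,32})(?:\[(?P<pid>\d+)\])?:? ?"
    r"(?P<msg>.*)$",
    re.DOTALL,
)

# Constructed sample datagram (hostname, tag and addresses are made up).
SAMPLE = b"<134>Feb  7 19:16:01 fw01 firewalld[212]: deny tcp 192.0.2.10:4431 -> 198.51.100.7:22"


def parse_rfc3164(datagram: bytes) -> dict:
    """Split one syslog datagram into the fields a daemon would log."""
    text = datagram.decode("ascii", errors="replace").rstrip("\r\n\x00")
    m = RFC3164.match(text)
    if m is None or int(m["pri"]) > 191:
        # Not a well-formed header: keep the whole payload as the message and
        # use PRI 13 (user.notice), the default RFC 3164 section 4.3.3 assigns.
        return {"facility": 1, "severity": "notice", "timestamp": None, "host": None,
                "tag": None, "pid": None, "msg": text, "wellformed": False}
    pri = int(m["pri"])
    return {
        "facility": pri >> 3,            # PRI = facility * 8 + severity
        "severity": SEVERITIES[pri & 7],
        "timestamp": m["ts"],
        "host": m["host"],
        "tag": m["tag"],
        "pid": int(m["pid"]) if m["pid"] else None,
        "msg": m["msg"],
        "wellformed": True,
    }


if __name__ == "__main__":
    # Loopback demo: the "firewall" sends one datagram, the "daemon" logs it.
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))
    rx.settimeout(2)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx.sendto(SAMPLE, rx.getsockname())
    data, peer = rx.recvfrom(2048)
    print(peer[0], parse_rfc3164(data))
```

The daemon only ever sees what the device chose to send as syslog text; the packets crossing the firewall itself never reach it, which is the distinction drawn above.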