Wireshark-users: Re: [Wireshark-users] Welcome to the "Wireshark-users" mailing list

From: jack craig <jcraig@xxxxxxxxxxxxx>
Date: Thu, 11 Mar 2010 15:52:39 -0800
if you could go to and connect to that switch and also gain
admin control of the switch to adjust its monitor port to
where you plug in, you'd be all set. i do that here.

most switches offer the monitor port option or perhaps designate a hardcoded monitor port.

if that isn't possible, you could identify the switch port the servers are plugged into, drop a hub from the switch
then plugin both servers and your laptop to that hub, then again all the traffic is visible on the hub.

just some thoughts...



On 03/11/2010 03:06 PM, Clerveaux, Marie wrote:
Jack:
 
What about if the other two clients which I am trying to capture traffic for they connect to a different switch at another site than the site from where my laptop is connected to.
 
Thanks,
 

Marie C. Clerveaux
Network Engineer

EMI Music

150 5th Avenue

New York, NY 10011
Tel:  212-786-8535
Email: marie.clerveaux@xxxxxxxxxxxx

 

 

 

 


From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of jack craig
Sent: Thursday, March 11, 2010 5:51 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: Re: [Wireshark-users] Welcome to the "Wireshark-users" mailing list

first let me say , i am only getting started with wireshark.

i am not familiar with the remote server capture.

what i cn say is that wireshark can capture all it can see. permit me to illustrate by example.

my workstation is where i run wireshark from is on a switch with 30-40 other clients. on
the lan segment from the switch to me, to my eth0 interface normally sees only my local traffic.

but lets say i want to monitor one(or more) of the other switch clients.

i can go to my switch and assign my port as the monitor port.
that means that all other switch client traffic is also copied to my monitor port.
if i can see it, i can capture it.

now i can fire up wireshark and see what transpires to/from any of the other switch clients.

naturally your topology will differ, but i just wanted to point out it is possible to
capture remote client traffic if you take the right approach.

make sense?


On 03/11/2010 02:40 PM, Clerveaux, Marie wrote:
Jack:
 
The two remote server which I am trying to run wireshark capture are APP server and DB server, but the capture does not work with remote select feature.
 
Thanks,
 
 

Marie C. Clerveaux
Network Engineer

EMI Music

150 5th Avenue

New York, NY 10011
Tel:  212-786-8535
Email: marie.clerveaux@xxxxxxxxxxxx

 

 

 

 


From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of jack craig
Sent: Thursday, March 11, 2010 5:27 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Welcome to the "Wireshark-users" mailing list

what do you mean by remotely? if you are on a switch for example, your interface sees only your traffic.


On 03/11/2010 02:20 PM, Clerveaux, Marie wrote:
 
I have a problem. I installed wire shark client in my lattop
successfully.  After doing so, I was able to capture data locally on my
machine, but when I tried to capture remotely, I was not able to do so.
Please assist.

Thanks,

Marie C. Clerveaux 
Network Engineer

EMI Music

150 5th Avenue 

New York, NY 10011
Tel:  212-786-8535 
Email: marie.clerveaux@xxxxxxxxxxxx

 

 

 


-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
wireshark-users-request@xxxxxxxxxxxxx
Sent: Thursday, March 11, 2010 5:18 PM
To: Clerveaux, Marie
Subject: Welcome to the "Wireshark-users" mailing list

Welcome to the Wireshark-users@xxxxxxxxxxxxx mailing list!

To post to this list, send your email to:

  wireshark-users@xxxxxxxxxxxxx

General information about the mailing list is at:

  https://wireshark.org/mailman/listinfo/wireshark-users

If you ever want to unsubscribe or change your options (eg, switch to or
from digest mode, change your password, etc.), visit your subscription
page at:

 
https://wireshark.org/mailman/options/wireshark-users/marie.clerveaux%40
emicap.com


You can also make such adjustments via email by sending a message to:

  Wireshark-users-request@xxxxxxxxxxxxx

with the word `help' in the subject or body (don't include the quotes),
and you will get back a message with instructions.

You must know your password to change your options (including changing
the password, itself) or to unsubscribe.  It is:

  InGodWT10

Normally, Mailman will remind you of your wireshark.org mailing list
passwords once every month, although you can disable this if you prefer.
This reminder will also include instructions on how to unsubscribe or
change your account options.  There is also a button on your options
page that will email your current password to you.

- --------------------------------------------------------------------




Music from EMI 

This e-mail including any attachments is confidential and may be legally privileged. If you have received it in error please advise the sender immediately by return email and then delete it from your system. The unauthorised use, distribution, copying or alteration of this email is strictly forbidden. If you need assistance please contact us on +44 20 7795 7000. 

This email is from a unit or subsidiary of EMI Group Limited. 

Registered Office: 27 Wrights Lane, London W8 5SW 

Registered in England No 229231.


N --------------------------------------------------------------------
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

  

-- 
Jack Craig
Software Engineer
831.461.7100 x120
www.extraview.com 

- --------------------------------------------------------------------




Music from EMI

This e-mail including any attachments is confidential and may be legally privileged. If you have received it in error please advise the sender immediately by return email and then delete it from your system. The unauthorised use, distribution, copying or alteration of this email is strictly forbidden. If you need assistance please contact us on +44 20 7795 7000.

This email is from a unit or subsidiary of EMI Group Limited.

Registered Office: 27 Wrights Lane, London W8 5SW

Registered in England No 229231.


N --------------------------------------------------------------------
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

-- 
Jack Craig
Software Engineer
831.461.7100 x120
www.extraview.com 

- --------------------------------------------------------------------




Music from EMI

This e-mail including any attachments is confidential and may be legally privileged. If you have received it in error please advise the sender immediately by return email and then delete it from your system. The unauthorised use, distribution, copying or alteration of this email is strictly forbidden. If you need assistance please contact us on +44 20 7795 7000.

This email is from a unit or subsidiary of EMI Group Limited.

Registered Office: 27 Wrights Lane, London W8 5SW

Registered in England No 229231.


N --------------------------------------------------------------------
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

-- 
Jack Craig
Software Engineer
831.461.7100 x120
www.extraview.com