Wireshark-users: [Wireshark-users] Can't see http packets

From: Ronan SAVY <R.SAVY@xxxxxxxxxx>
Date: Fri, 12 Mar 2010 16:03:23 +0100

Hi

I would like to grab the http packet in order to have a clear view of web usage before configuring some kind of filter over my compagnie network.

Here is what I installed:

I have a Windows XP SP3 workstation with wireshark installed on it and 2 nic one is a nvidia nforce and the other a D-link DFE-530TX

I connected the D-link NIC on port 16 of my 3com 2226-SFP Plus

Behind my 3 com switch I have 5 3com baseline switches connected in cascade

On port 25 of my switch I have a Linksys BEFSX41 with on his wan my FAI modem going out on internet

 

I configured a port mirroring on port 16 from port 25 (I tried mirror in solo, mirror out solo, and both)

I checked that the D-link nick can work on promiscuous mode (using promqry)

 

When I launch wireshark from station I can’t see any http traffic going out safe from SSDP protocol

I also see other packet grab from other machine on my network, packet like :

-          NBNS

-          DHCP

-          ARP

-          IGMP

 

Even when I browse internet on the workstation where wireshark is installed using the second NIC… I can’t see the HTTP request going through

 

May be I did something wrong but I don’t know what? I checked the advanced option of my NIC to see if there is Checksum offload option.. but nothing.

 

Any help would be most welcome as I have no more idea on what else I can do.

thanks