Wireshark-users: Re: [Wireshark-users] Can't see http packets
From: bart sikkes <b.sikkes@xxxxxxxxx>
Date: Mon, 15 Mar 2010 11:31:26 +0100
hello, but do you see other traffic then the mentioned broadcast traffic? what about when you test with ping, telnet, ftp, ..... i would focus on checking if you have the port monitoring setup correctly (perhaps try with other systems / ports), wireshark with default settings should just work if the traffic is being provided correctly in my opinion. greetings, bart On Mon, Mar 15, 2010 at 9:52 AM, Ronan SAVY <R.SAVY@xxxxxxxxxx> wrote: > Lori, > Thank for the link but it's what i effectively did, port 16 as monitor and port 25 as mirror (try all option, mirror in, mirror out and both) No luck so far...i keep on searching why I can't see http packet.. though whe I look in my NIC statistics in wireshark I see broadcast an multicast packet > > -----Message d'origine----- > De : Ronan SAVY > Envoyé : samedi 13 mars 2010 15:31 > À : Community support list for Wireshark > Objet : RE : [Wireshark-users] Can't see http packets > > ok > as i said i tried every option of monitoring port, may be the restriction seeing only broadcast come from my switches configuration... any hint where i should have a look on switche restriction? > or may be on wireshark checking for unicast incoming, right? > ________________________________________ > De : wireshark-users-bounces@xxxxxxxxxxxxx [wireshark-users-bounces@xxxxxxxxxxxxx] de la part de Martin Visser [martinvisser99@xxxxxxxxx] > Date d'envoi : samedi 13 mars 2010 11:35 > À : Community support list for Wireshark > Objet : Re: [Wireshark-users] Can't see http packets > > My guess is that if you are only seeing NBNS, DHCP, ARP, IGMP protocol packets you are only seeing broadcasts from the rest of the network. > > You might need to really check that your port mirroring is working correctly. > > Regards, Martin > > MartinVisser99@xxxxxxxxx<mailto:MartinVisser99@xxxxxxxxx> > > > On Sat, Mar 13, 2010 at 2:03 AM, Ronan SAVY <R.SAVY@xxxxxxxxxx<mailto:R.SAVY@xxxxxxxxxx>> wrote: > Hi > I would like to grab the http packet in order to have a clear view of web usage before configuring some kind of filter over my compagnie network. > Here is what I installed: > I have a Windows XP SP3 workstation with wireshark installed on it and 2 nic one is a nvidia nforce and the other a D-link DFE-530TX > I connected the D-link NIC on port 16 of my 3com 2226-SFP Plus > Behind my 3 com switch I have 5 3com baseline switches connected in cascade > On port 25 of my switch I have a Linksys BEFSX41 with on his wan my FAI modem going out on internet > > I configured a port mirroring on port 16 from port 25 (I tried mirror in solo, mirror out solo, and both) > I checked that the D-link nick can work on promiscuous mode (using promqry) > > When I launch wireshark from station I can't see any http traffic going out safe from SSDP protocol > I also see other packet grab from other machine on my network, packet like : > > - NBNS > > - DHCP > > - ARP > > - IGMP > > Even when I browse internet on the workstation where wireshark is installed using the second NIC. I can't see the HTTP request going through > > May be I did something wrong but I don't know what? I checked the advanced option of my NIC to see if there is Checksum offload option.. but nothing. > > Any help would be most welcome as I have no more idea on what else I can do. > thanks > > ___________________________________________________________________________ > Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx<mailto:wireshark-users@xxxxxxxxxxxxx>> > Archives: http://www.wireshark.org/lists/wireshark-users > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users > mailto:wireshark-users-request@xxxxxxxxxxxxx<mailto:wireshark-users-request@xxxxxxxxxxxxx>?subject=unsubscribe > > ___________________________________________________________________________ > Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx> > Archives: http://www.wireshark.org/lists/wireshark-users > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users > mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe >
- References:
- [Wireshark-users] Can't see http packets
- From: Ronan SAVY
- Re: [Wireshark-users] Can't see http packets
- From: Martin Visser
- [Wireshark-users] RE : Can't see http packets
- From: Ronan SAVY
- Re: [Wireshark-users] Can't see http packets
- From: Ronan SAVY
- [Wireshark-users] Can't see http packets
- Prev by Date: Re: [Wireshark-users] Can't see http packets
- Next by Date: Re: [Wireshark-users] Can't see http packets
- Previous by thread: Re: [Wireshark-users] Can't see http packets
- Next by thread: Re: [Wireshark-users] Can't see http packets
- Index(es):