0

Monitoring the all network traffic from one port on the switch and captured the all traffic by using wireshark. Here i found all packet captured in the summary result and it has dropped packet information also. This is some thing lost packets in the network or at the wireshark point? I was in ambiguous...i am testing in ethernet based and TCP/IP based protocol.

One more possible case if my server is installed with wireshark and its capturing the all packets coming and going from this point. At this point also found the packet dropped in the wireshark summary. So, this can i assume also complete packet loss from the network point of view?? Any one help in this issue....any explanation appreciated. thanks.... Chirug

chirug
  • 1
  • 1

1 Answers1

1

One important thing to remember is that you can only capture as much data as your computer and network card can handle. You can't capture every packet on a 16 port switch if the total bandwidth going through the switch is more than what can be sent to a single port.

Another option is that you aren't spanning across all ports. I'd double check the switch configuration.

In addition, there is a chance, while pretty rare, that the server you installed Wireshark on in the second paragraph was too busy to capture every packet that was sent or received. Wireshark (winpcap really) will do its best to capture everything, but it might not be able to if the system is too busy. Again, this is probably pretty rare.

Joe Doyle
  • 1,681
  • 14
  • 15
  • Thanks for the reply.Here my client and server are 100Mbps capacity and i am not exceeding with that limit when i am capturing from the network.Even when i am listening from one port also the limit is under the 100Mbps(This port also capable of handling the 100Mbps). So this might be correct when i am listening the complete network traffic from one port or capturing the traffic in the server it self shall give the good results. – chirug Oct 24 '10 at 12:20