I am using wireshark to monitor traffic on a server - Problem is, the computer I am using is only a terminal wired through the switch. Main line comes into the server which is relayed to multi-port switch (roughly 50 connections). Right now I get a lot of server communication between my it and my terminal but shows no information for other terminals. Can wireshark be configured to monitor ALL traffic in this environment?
Asked
Active
Viewed 123 times
3 Answers
2
You'll probably either need to put wireshark on the server itself, or set up a SPAN/Mirror port on a switch in front of the server to forward all traffic going through that interface
Hyppy
- 15,608
- 1
- 38
- 59
1
To monitor all of the traffic on switched ports that you aren't on, you will need to set up a SPAN or mirror port - how you do this (or whether you can do it) depends on which switch you are using.
Shane Madden
- 114,520
- 13
- 181
- 251
0
Switches generally don't show traffic for other addresses...That's pretty much the point of a switch. A lot of them can be switched to "promiscuous mode" for debugging though, so that'd be the first thing I'd try. A switch in promiscuous mode will broadcast every packet it gets, so you can see the full range of traffic.
The second thing is to put a machine inline between the server and the switch (or just run wireshark on the server) so that you can see the whole of the traffic.
Satanicpuppy
- 5,946
- 1
- 17
- 18