This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

how many remote destination available?

0

Hi Everybody

How many remote destination will be available if I want to get reports from a PC ?

Regards

asked 09 Jul '12, 06:46

mm23's gravatar image

mm23
1222
accept rate: 0%

I'm not sure what you are looking for. Is the question about the max. number of remote capture devices that can feed captured packets to Wireshark in parallel?

(09 Jul '12, 11:58) Kurt Knochner ♦

Dear Kurt,

Actually i am a new guy and trying to learn and want to run Wireshark on my local network due to analysing and monitoring.Are you thinking am i able to use Wireshark to cover it or i should be choise other application?

Best Regards

(10 Jul '12, 10:45) mm23

Additional: It means i want to run a server and try to get different reports from remote serivce on Wireshark.Is it possible ? how i have to manage it to get faster speed and lower throughput on LAN?

(10 Jul '12, 10:48) mm23

One Answer:

0

I'm sorry, but I still don't understand. What do you mean by "and try to get different reports from remote serivce"? What kind of reports?

Let me guess: You want to analyze a performance problem between two locations (or two systems on a LAN) and you want to figure out why the connections are slow. Right?

If so, you have several options:

  • Sniff on a mirror port of your switch or use a TAP. That is the preferred method to get results that are not influenced by "something" on the affected systems itself. See here:

http://wiki.wireshark.org/CaptureSetup/Ethernet

  • Sniff on the affected systems itself, either only on one side of the communication or on both sides.

    • If you decide to sniff only one side, just run Wireshark on one of the affected systems. Please read the manual how to do that:

      http://www.wireshark.org/docs/wsug_html_chunked/

    • If you decide to sniff on both sides, you can either run Wireshark on both machines or you can use the remote capture feature of WinPcap.

http://www.winpcap.org/docs/docs_41b5/html/group__remote.html
http://www.wireshark.org/docs/wsug_html_chunked/ChCapInterfaceRemoteSection.html

Does that answer your question?

Regards
Kurt

answered 11 Jul '12, 00:16

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Dear Kurt

I am working on a company that those are more than 50 nodes( LAPTOP and PC's).The connection between those are Wireless and Ethernet but the people who are working there think that the connection speed on network to use server's is too low therefore i thought maybe i will be able to use Wireshark to find out this problem which means i have to run a Wireshark on a PC ( like a server ) and use from the remote service on Wireshark to get online reports from all off the destination. Perhaps it will be better to aks you that is the Wireshark a client-server application ?

Regards

(11 Jul '12, 02:55) mm23

but the people who are working there think that the connection speed on network to use server's is too low

In that case, I suggest to capture traffic on a mirror port of the switch where those server(s) is connected. However, there are no "simple" statistics in Wireshark that will tell you what is slow and why. You need a thorough understanding of the actual problem as user reports are often vague. You also need a good understanding of networking protocols. Wireshark is just a tool that can help in the process of analyzing the network traffic it's not a network health monitor tool or a application performance monitoring tool. There are commercial solutions for those things, but they are rather expensive.

If you feel that is all too complicated, there are several options (in the mentioned order) ;-)

  • Dive into the wonderful world of network troubleshooting and learn how to do it yourself. Start with some Wireshark videos on Youtube. Just search for Wireshark. They will give you a good idea what you can do with wireshark and how.
  • Hire a consultant who is able to do it for you
  • Throw some money at the problem and buy better equipment (network, server) in the hope it will improve things. Most of the time it does not ;-))
(11 Jul '12, 04:09) Kurt Knochner ♦

Dear Kurt

Thank you very much for your co-operation.

Regards

(11 Jul '12, 07:06) mm23