I have a device which is set to automatically report to an external site. This device also had a web interface that I can log into by navigating to its ip address. When I navigate to the device's IP address, it is lighting up wireshark, and there is lots of activity. However, I detect no other packets. So if I don't go to the web interface and let wireshark sit there for a few hours, there are literally no packets detected with that ip address as the source. I know that the device is reporting because I am seeing the data on the external server showing up. Unfortunately, I do not have access that the external server's address. asked 01 Aug '12, 17:18 genesismachine |
One Answer:
I'm guessing that you are running Wireshark on your PC and that both the PC and the device are connected to a switch of some sort. So; Wireshark will see traffic to/from your PC (and the device). It will not see traffic between the device and the server since (basically) that traffic isn't (doesn't need to be) sent by the switch to your PC. See Capture Setup - Ethernet for more detailed info. answered 01 Aug '12, 18:27 Bill Meier ♦♦ edited 01 Aug '12, 18:34 |
Thanks, I'm buying a hub right now. I will plug the hub into the switch and my device+computer into the hub. In theory, that should work, right?
I'm pretty new to networking, but willing to learn (My background is EE).
Yes: assuming the "hub" really acts as a hub.
(I expect you've already read http://wiki.wireshark.org/HubReference, but if not, please review same).