Hi guys, I am a newbie in this world of Wireshark. I have a setup where I need to sniff the communication between two devices, say A and B. I have my laptop connected to a hub with A and B, and the uplink to this hub is from a router. A, B and my laptop have all got IPs. So far so good. Now I start communication between A and B, start Wireshark, and listen on my Ethernet interface connected to the hub (I have promiscuous mode ON, and I am listening on the only Ethernet interface I have). The communication sequence is

But I can see from the status of my device A that B has in fact responded and B has got the result. But somehow my Wireshark missed it. The only chance I see is that B is sending a response of large size so that Wireshark skips it. Is that possible? My response at step 4 is in fact large and is an XML file. So this is what I am assuming. Can you provide any pointers on how to approach this issue, please?

asked 26 Sep '12, 07:28 sree_ec
One Answer:
No, Wireshark is not skipping the response because the file is too large. Wireshark does not know or care how large the file is. When B sends the XML file to A, B splits the file into individual data segments each small enough to be transmitted across the network, and sends each data segment in its own packet. This is what Wireshark will see--the individual packets, not the file. The individual data segments are then reassembled into the XML file by A. The difference between a large file and a small file is the number of packets that are required to transfer the file, not the size of the packets.

Were there any capture or display filters in place when Wireshark was capturing the traffic? Is it possible for you to post a trace file that illustrates the problem at www.cloudshark.org? (But be careful about posting files that contain sensitive or confidential information.)

answered 28 Sep '12, 12:46 Jim Aragon
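The segmentation and reassembly the answer describes, as an added example that is not part of the original thread: a payload is split into segments by sequence number, then rebuilt from whatever segments a capture holds, reporting any byte ranges that are missing. The function names, the 1460-byte segment size, the starting sequence number and the sample payload are all assumptions constructed for the illustration.

```python
# Added illustration; all names and values here are constructed for the example.
MSS = 1460   # assumed TCP payload bytes per packet on Ethernet
ISN = 1000   # constructed initial sequence number for B's side of the stream
SAMPLE_XML = b"<r>" + b"a" * 4000 + b"</r>"   # constructed 4007-byte "file"

def segment(payload, mss=MSS, isn=ISN):
    """Split a payload into (sequence_number, data) pairs, as sender B does."""
    return [(isn + off, payload[off:off + mss])
            for off in range(0, len(payload), mss)]

def reassemble(segments, isn=ISN):
    """Rebuild the stream from captured (seq, data) pairs, as receiver A does.

    Tolerates out-of-order and duplicate (retransmitted) segments.
    Returns (data, gaps): data is the contiguous bytes from the start of the
    stream up to the first hole; gaps lists (start, end) byte offsets that are
    absent from the capture. Sequence-number wraparound is not handled.
    """
    data = bytearray()
    gaps = []
    expected = isn                      # next sequence number we should see
    for seq, chunk in sorted(segments):
        end = seq + len(chunk)
        if end <= expected:             # duplicate / retransmission: skip
            continue
        if seq > expected:              # hole: bytes sent but not captured
            gaps.append((expected - isn, seq - isn))
        elif not gaps:                  # in order (or overlapping): append new part
            data += chunk[expected - seq:]
        expected = end
    return bytes(data), gaps

if __name__ == "__main__":
    segs = segment(SAMPLE_XML)
    print(len(segs), "packets carry", len(SAMPLE_XML), "bytes")
    # Simulate a capture that is missing the middle packet and is out of order.
    data, gaps = reassemble([segs[2], segs[0]])
    print("contiguous bytes:", len(data), "missing ranges:", gaps)
```

A non-empty gap list for the B-to-A direction means bytes were sent but their packets are absent from the capture, independent of how large the file was.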