Hello, I just want to know if Wireshark only collects information of client and server right? in between client and server there are many network components/elements. do we see that information also? for e.g. in wireshark log I see server is sending slow data but is it possible some router(or any network element in between client and server)may be slow? Thanks, Manju asked 08 Nov '12, 10:36  Manju007 |
One Answer:
Wireshark can show you whatever happens on the "network segment" you capture on. What "network segment" entails is a varying matter. For instance if you capture on an endpoint with an uplink to a switch you'll see the host traffic (to/from), broadcast traffic, multicast traffic for groups the endpoint has joined (in case of a multicast aware switch) and link-local traffic like IPv6 NDP, spanning tree and maybe switch specific traffic. But if the capture is taken from a monitor port it may be vastly different. Either you see all ingress and egress traffic of a collection of ports, or from a vlan, either with or without tags. Doing a capture on a switch or router uplink may show even other traffic, like OSPF, IS-IS, RIP or whatever. So, bottom line is it all depends on the point you capture at. answered 08 Nov '12, 12:05  Jaap ♦ |
