This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Dual Wireshark processes

0

Is it possible to use one laptop to capture two different sniffs from two different vlans and if so, what NICS and windows OS does Wireshark support for this? We need to capture two different segments from one router at the same time and only want to use one laptop to do this. Is it possible, or will we need four separate laptops?

asked 26 Nov '12, 15:37

Rudy's gravatar image

Rudy
1111
accept rate: 0%


One Answer:

0

Basically your question comes down to wether or not you're able to get the relevant packets the NICs of the laptop. You can run multiple Wireshark (or better yet: dumpcap) processes on a single laptop, but you need to keep in mind that the data rate should not exceed the write speed of the disk, otherwise you'll lose packets.

So if you have one router, the question is if you can SPAN or TAP into the links and direct the frames to the laptop. If you can, (and the data rate is not too much for a single system) I see no problem. Maybe you could give a little schematic here which helps determining the point of capture so we can take a look at what you're trying to do.

answered 26 Nov '12, 16:46

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%