If suppose two parties are involved in a network communication over UDP/IP say P1 and P2. For a query made by P2, P1 responds with the response. If for some reason, the response was dropped by P2 at ethernet layer, does the wireshark running on P2's machine capture the response? Thanks in advance. asked 28 Nov '12, 22:58  SantoshB |
One Answer:
No, if wireshark is running on P2, it will only see the packets that the NIC forwards to the OS, so if the NIC already drops the packet, then Wireshark won't see it. That's one of the reasons why using a TAP or a spanport are preferred when analyzing network problems :-) answered 29 Nov '12, 00:39  SYN-bit ♦♦ |
Thanks SYN-bit for the information.