This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Ideas for configuring catpure for outgoing Internet traffic?

0

At a site I monitor, the cable modem seems to go out often, and Comcast states the issue is internal to our network. We've tried 3 modems throughout the year, all with same results, so I would like to try caputuring packets to see if there may be malformed packets causing the problem.

Cable modem -> Passive HUB -> WatchGuard X55 Edge firewall WAN1 port. LAN0 port -> Dell Switch for internal network. I've setup a separate computer to act as the remote capture computer, and placed it on a hub between the cable modem and the firewall WAN0 port.

If this is the best method, what must I do on the firewall to reach that external PC? If it's set as DHCP client, will it interfere with the cabel modem picking up an IP from Comcast? I would like to run captures from a computer located on the internal LAN. Thanks for any help. Did not notice anything in docs discussing this.

Walt

asked 06 Jan '11, 13:10

Romseye's gravatar image

Romseye
6112
accept rate: 0%


One Answer:

0

The best thing to do in this case is to install second NIC on your monitoring PC and possibly plug that in to your firewall or DMZ. Then just VNC (for Linux) or Windows Remote Desktop to control that PC. That way your monitoring interface on your capture PC doesn't need to have an IP address, just on the management interface. (I use a USB-Ethernet dongle for this purpose quite often, and use the built-in Ethernet on my laptop for the packetcpature).

answered 06 Jan '11, 15:54

martyvis's gravatar image

martyvis
8911525
accept rate: 7%