This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Snooping TCP packets for fixed IP systems

0

I am not an expert in networking but I am trying to connect two embedded systems in a network to snoop the TCP packets. Both the systems(lets say A and B) has fixed IP address and they communicate on a dedicated port. I am using PC (lets say system C) and Wireshark to snoop the TCP packets for debugging.

1) When I connected these systems(A,B and C) through a switch, I couldn't see any data on Wireshark. After some Googling I found that now a days switches are smart and they do flow control, that's the reason I couldn't see any data on the Wireshark.

2) I connected both the embedded systems (A and B) via USB to Ethernet adapters(one for each system) to a PC(system C) on which I was running wireshark. In Windows 7 there is an option to link both the network adapters via bridge, which I did by right clicking both the adapters and creating a bridge. I couldn't ping from system A to system B or vice-verse.

I just want to snoop the TCP packets on wireshark from these systems on a PC with out any switches(external hardware), is there any other way I can snoop the packets easily ? Your help would be appreciated tremendously and thanks in advance.

Emb

asked 21 Jun '13, 02:14

embdsp's gravatar image

embdsp
1112
accept rate: 0%


One Answer:

1

See the Wiki page on Capture Setup.

If you have two network adaptors in the Win 7 system (one should not be a USB one), then you can bridge the two and capture on the non-USB NIC.

In this sort of situation the easiest method is to buy a switch that will span or mirror a port to a monitoring port. The Netgear ProSafe Plus GS105E can be picked up cheaply from Ebay (other models of switches are available) and will do this. If buying a switch for this purpose make sure it can span or mirror, a basic switch won't do this, hence the need to pay a little more. The switch will come in handy for all sorts of things in the future.

answered 21 Jun '13, 06:58

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

I will buy the switch which you ahve recommended. This seem to be hassle free idea. Thanks for your help.

Cheers! Emb

(21 Jun '13, 09:39) embdsp

I got mine from an EU ebay seller for GBP 28 delivered. A bargain.

If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.

(21 Jun '13, 09:44) grahamb ♦

Million thanks for you suggestion, I will go for the switch. Thanks again. Cheers! Emb

(21 Jun '13, 10:35) embdsp