This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How do you capture all packets on a network?

0

We have a network with a Cisco LAN/WLAN router and unmanaged Netgear 100MB and 1GB Ethernet switches. Computers are Win XP Pro and Win 7 Pro. We need to capture all packets and discover the cause of a problem with intermittent POP3 email send and receive errors. We have isolated the problem to something on the network interfering with POP3. We are new to Wireshark capturing. What is the best method to capture all packets on the network? Where on the network should we put the Win7 Pro machine with Wireshark to capture?

asked 08 Aug '13, 07:05

sacn
accept rate: 0%


One Answer:

0

Your computers are connected to a switched Ethernet network. Inherently this offers a point-to-multipoint service - it looks a little like a broadcast; the network devices manage who gets to see the traffic. Thus there isn't one point that sees all of the traffic. So either you have to arrange to have all end-user devices connect to one big switch, or do the capture in multiple places. Also, with unmanaged switches, you are not going to be able to configure them to perform a port-mirroring role (which sends a copy of traffic to a single monitoring port). You may be able to configure your Cisco to do this, but again it would only be able to mirror traffic that passes through it.

answered 11 Aug '13, 18:18

martyvis
accept rate: 7%
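
The behaviour described in the answer above, modelled as an added example (not part of the original answer, and not vendor code): a minimal MAC-learning switch in Python, comparing what a capture machine on port 3 sees with and without a mirror port. The port numbers, MAC addresses, frame list and the names `LearningSwitch` and `frames_seen` are constructed for illustration.

```python
# Added illustration: minimal model of a MAC-learning Ethernet switch.
# Port numbers, MAC addresses and the frame list are constructed sample data.
BROADCAST = "ff:ff:ff:ff:ff:ff"
PC, GATEWAY = "00:00:5e:00:53:01", "00:00:5e:00:53:02"

# (ingress port, source MAC, destination MAC): PC on port 1, gateway on port 2.
FRAMES = [
    (1, PC, BROADCAST),   # ARP request from the PC
    (2, GATEWAY, PC),     # ARP reply
    (1, PC, GATEWAY),     # POP3 request heading for the mail server
    (2, GATEWAY, PC),     # POP3 response
]


class LearningSwitch:
    def __init__(self, ports, mirror_port=None):
        self.ports = set(ports)
        self.mirror_port = mirror_port  # None models an unmanaged switch
        self.mac_table = {}             # MAC address -> port it was last seen on

    def forward(self, in_port, src, dst):
        """Return the set of ports that receive a copy of the frame."""
        self.mac_table[src] = in_port                  # learn the sender's port
        if dst == BROADCAST or dst not in self.mac_table:
            out = self.ports - {in_port}               # broadcast/unknown: flood
        else:
            out = {self.mac_table[dst]} - {in_port}    # known unicast: one port
        if self.mirror_port is not None:
            out |= {self.mirror_port}                  # port mirroring: extra copy
        return out


def frames_seen(switch, sniffer_port, frames):
    """Frames that reach the capture machine plugged into sniffer_port."""
    return [(src, dst) for in_port, src, dst in frames
            if sniffer_port in switch.forward(in_port, src, dst)]


if __name__ == "__main__":
    unmanaged = LearningSwitch(ports=[1, 2, 3])
    mirrored = LearningSwitch(ports=[1, 2, 3], mirror_port=3)
    print("unmanaged:", len(frames_seen(unmanaged, 3, FRAMES)), "of", len(FRAMES))
    print("mirrored: ", len(frames_seen(mirrored, 3, FRAMES)), "of", len(FRAMES))
```

Frames that never enter this switch are absent from the model's input, which is why mirroring on one device only covers traffic that passes through it.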