Within my home LAN's topology, does the location of the PC running WireShark affect what WireShark sees? My agenda is that I just installed a VOIP gateway (IP addr 10.0.0.4) and, with WireShark running, expected to see a flurry of packets from 10.0.0.4 to somewhere outside of the LAN (the SIP). But I see nothing. Said VOIP gateway is connected directly to the only router - which is connected to a FIOS internet connection. Everything else, including the PC running WireShark, is connected to switches which, in turn, are connected to the router. asked 20 Feb '11, 12:27  PeteCress edited 20 Feb '11, 12:50 |
One Answer:
It is quite normal that you don't see anything of the VOIP gateway since it is connected to the router through a switch. Switches connect devices "directly", meaning that other devices on other ports will not see anything that goes on (which was what Hubs used to do: flood all packets to all ports). If you want to capture the traffic of your VOIP gateway you have to "get into" the communication flow. This is usually done either by inserting a hub (or tap if you want to go Pro) into it's switch link, or by using a monitor port (which, unfortunately, is only an option if your switch is manageable). With a Monitor port you can tell the switch to send a copy of the communication between router and VOIP gateway to your PC, which is then capturing it using Wireshark. If you have neither hub/tap nor monitor port option you're kinda out of luck, unless your VOIP gateway or router have capabilities to capture traffic themselves. answered 20 Feb '11, 13:18  Jasper ♦♦ |
You can have a look at the wireshark wiki for more info on the placement of wireshark.