Wireshark is very helpful for troubleshooting networks. I once encountered an intermittent connection on my network. I began troubleshooting from top to toe, but I could not find the source of the problem. We're using a Fortigate firewall, and I traced the source of the problem by looking at the Fortigate monitoring, where you can view the server with more bandwidth used. I wonder why Wireshark can't trace other activity in a VLAN network. I run Wireshark on a server that is connected to VLAN 12 (192.168.12.x), and the other server, with high bandwidth consumption, is connected to VLAN 16 (192.168.16.x). Why is it that Wireshark can't monitor or sniff other VLANs and shows only results for hosts connected to VLAN 12 (192.168.12.x)?

asked 30 Oct '13, 04:51 rayden
edited 30 Oct '13, 07:23 cmaynard ♦♦
One Answer:
Because the purpose of VLANs is to separate networks from each other!?! So, it's not Wireshark that is unable to capture the traffic, it's your switch that does not send any VLAN16 traffic into VLAN12!

You need to activate port mirroring on your switch and mirror the traffic of VLAN16 to the port of your Wireshark system (should not be a productive system, as it might get flooded with that traffic!!).

Here is a brief overview of how to enable port mirroring for some switches: http://wiki.wireshark.org/SwitchReference

Please also read this: http://wiki.wireshark.org/CaptureSetup/Ethernet#Capture_using_a_monitor_mode_of_the_switch

BTW: Besides capturing (and analyzing) the traffic with Wireshark, you can simply check the port statistics of your switch to identify the system with 'very high bandwidth consumption'. If you just need to find the system, that's the way to go. If you need to know what that system sends and receives, you need Wireshark.

Regards

answered 31 Oct '13, 03:47 Kurt Knochner ♦
edited 31 Oct '13, 04:06
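Once VLAN 16 is mirrored to the capture port as the answer describes, the frames can be tallied per VLAN and source address to find the heavy sender. The following is an added example, not part of the original question or answer; it assumes the mirror port delivers frames with their 802.1Q tag intact (this depends on the switch), the function names are hypothetical, and the sample frames are constructed rather than captured.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q VLAN tag
ETHERTYPE_IPV4 = 0x0800

def parse_frame(frame: bytes):
    """Return (vlan_id or None, source IPv4 or None) for one Ethernet frame."""
    if len(frame) < 14:
        return None, None
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset, vlan = 14, None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            return None, None
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan = tci & 0x0FFF          # low 12 bits of the TCI are the VLAN ID
        offset = 18
    if ethertype != ETHERTYPE_IPV4 or len(frame) < offset + 20:
        return vlan, None
    return vlan, str(IPv4Address(frame[offset + 12:offset + 16]))

def bytes_per_talker(frames):
    """Sum frame bytes per (vlan, source IP), largest first."""
    totals = Counter()
    for frame in frames:
        vlan, src = parse_frame(frame)
        if src is not None:
            totals[(vlan, src)] += len(frame)
    return totals.most_common()

def build_frame(src_ip, dst_ip, payload_len, vlan=None):
    """Constructed sample frame (not real traffic): Ethernet, optional tag, IPv4."""
    tag = struct.pack("!HH", TPID_8021Q, vlan) if vlan is not None else b""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 17, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    return bytes(12) + tag + struct.pack("!H", ETHERTYPE_IPV4) + ip + bytes(payload_len)

SAMPLE = [
    build_frame("192.168.16.20", "192.168.16.1", 1400, vlan=16),
    build_frame("192.168.16.20", "192.168.16.1", 1400, vlan=16),
    build_frame("192.168.16.30", "192.168.16.1", 100, vlan=16),
    build_frame("192.168.12.5", "192.168.12.1", 200),  # untagged access-port frame
]

if __name__ == "__main__":
    for (vlan, src), total in bytes_per_talker(SAMPLE):
        print(f"vlan={vlan} src={src} bytes={total}")
```

If the switch strips the tag on the mirror port, the VLAN field comes back as `None` and the source subnet (192.168.16.x versus 192.168.12.x) is what distinguishes the two networks.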