This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

If I am looking to capture traffic that is flowing in and out of my node, do I take wireshark off of promiscuous mode?

asked 24 Jul '14, 07:11

jwilliams1987's gravatar image

jwilliams1987
11112
accept rate: 0%


You could do that to limit what you capture, but in most cases it is not necessary. The results are pretty much the same if you're aiming at only capturing traffic of your own node, and not capturing at a TAP or SPAN port (which would give you much more data than just that of your node)

permanent link

answered 24 Jul '14, 07:18

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

I am looking to see if some freeware ,that is only supposed to put on the screen your system info, might open a backdoor or send info to a remote node elsewhere. So I am really only interested in traffic in and out of my node.

(24 Jul '14, 07:23) jwilliams1987

Go ahead and capture with promiscuous mode on or off. You can filter on your node IP afterwards to see what it did.

(24 Jul '14, 07:25) Jasper ♦♦

True. Thank you.

(24 Jul '14, 07:28) jwilliams1987
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×43

question asked: 24 Jul '14, 07:11

question was seen: 1,247 times

last updated: 24 Jul '14, 07:28

p​o​w​e​r​e​d by O​S​Q​A