Wireshark installation in an organization

I have joined a research organization and they told me to set up Wireshark on their server. Here we are using three servers: the first one is a data server (Debian), the second one is a router and the third one is a print server where we install all the software, printers etc. I don't have any idea about Wireshark setup for an organization.

I need to know the following information.

On which server do I have to install Wireshark? How do I install it on that server? How do I access Wireshark? Can I access Wireshark from my Windows system and, if yes, then how?

asked 10 Sep '14, 21:35

amit sharma


One Answer:

You don't say what technology is used for the router or print servers. I'll assume they are Windows servers to give a mix.

  1. Install the Wireshark suite on all three servers and on your PC
  2. On the Debian server create a script for each network interface to run dumpcap and use the -w option to specify where to write the data to - I recommend you also specify a ring buffer of multiple 200 MB files but be careful to create a ring buffer that doesn't fill the volume it writes to. Also don't write to a disk that is heavily used by the system to avoid performance impact.
  3. On the Windows servers create a batch (command) file for each network interface to run dumpcap and use the -w option to specify where to write the data to - again specify a ring buffer of multiple 200 MB files being careful to create a ring buffer that doesn't fill the volume it writes to. As with Debian, don't write to a volume that may impact performance e.g. the C: drive, database logging volumes, etc.
  4. Use dumpcap to capture. Just run the scripts and batch files you have created to start and use Ctrl-C to stop them.
  5. Transfer the captured trace files from the server to your PC using FTP (make sure you use binary mode) or SMB (via a file share on the server)
  6. Use Wireshark on your PC to do the analysis

I hope that helps.

Best regards...Paul

answered 14 Sep '14, 02:24

PaulOfford

Thank you for your answer

(14 Sep '14, 23:21) amit sharma
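
The Debian side of steps 2 and 4 in the answer, as an added example that is not part of the original thread: a capture script that sizes the dumpcap ring buffer from the free space on the target volume so the ring cannot fill it. The 50% space budget, the 50-file cap and the invocation `./capture.sh eth0 /var/captures` are assumptions.

```shell
#!/bin/sh
# Added example: start a dumpcap ring-buffer capture sized to the free disk space.
# Assumed usage: ./capture.sh <interface> <capture-directory>

FILE_KB=204800   # 200 MB per ring-buffer file (dumpcap takes filesize in kB)
MAX_PCT=50       # assumption: the ring may use at most 50% of the free space
MAX_FILES=50     # assumption: upper bound on the number of files kept

# free_kb DIR -> kB available on the volume that holds DIR
free_kb() {
    df -Pk "$1" | awk 'NR==2 {print $4}'
}

# ring_files FREE_KB FILE_KB MAX_PCT -> how many files fit inside the budget
ring_files() {
    echo $(( $1 / 100 * $3 / $2 ))
}

# start_capture IFACE DIR -> replaces the shell with dumpcap; Ctrl-C stops it
start_capture() {
    iface=$1
    dir=$2
    if [ ! -d "$dir" ]; then
        echo "capture directory not found: $dir" >&2
        return 1
    fi
    n=$(ring_files "$(free_kb "$dir")" "$FILE_KB" "$MAX_PCT")
    # A ring buffer needs at least two files to rotate
    if [ "$n" -lt 2 ]; then
        echo "not enough free space on $dir for a ring buffer" >&2
        return 1
    fi
    if [ "$n" -gt "$MAX_FILES" ]; then
        n=$MAX_FILES
    fi
    echo "ring buffer: $n files of $FILE_KB kB in $dir" >&2
    exec dumpcap -i "$iface" -w "$dir/$iface.pcapng" \
        -b "filesize:$FILE_KB" -b "files:$n"
}

# Only capture when both arguments are given, so the file can also be sourced
if [ "$#" -eq 2 ]; then
    start_capture "$1" "$2"
fi
```

Run one copy per interface; dumpcap appends a sequence number and timestamp to each file name in the ring.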