This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can I capture traffic between two physical devices?

0

Hi All,

I have two bits of hardware connected to each other via an ethernet cable, they are basically two computerised controllers for a very advanced boiler, lets call them A and B, so A and B are not seeing each other and the vendor has told me to replace the ethernet cable which I have done already, but A and B still do not see each other.

To try and deep dive the issue I wanted to know if there is a way or is there any such device that I can plug in between A and B which would allow me to capture the network traffic, if any, between them, please bear in mind that A and B do not have any external monitor connections nor do they allow any interaction with the O/S installed on them, so does anything exist that would allow me to do what I want?

So at the moment it is like this ...

A -----EthernetCable ----- B

And what I want to do is this ...

A -----EthernetCable ----- NetworkCaptureDevice -----EthernetCable ----- B

I hope that makes sense! :)

Thanks

Jim

asked 30 Nov '15, 07:05

JimBob321's gravatar image

JimBob321
6224
accept rate: 0%


2 Answers:

1

You can use either a switch that will mirror or span ports, an old hub if you can find one, or for $$$ a network tap, or even a machine in the middle.

See the Wiki page on Ethernet Capture Setup, and the hub and switch reference pages.

answered 30 Nov '15, 07:25

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

0

It does make sense but there may be a difficulty negotiating the link between the devices at L1 - in such case a capturing device would show nothing.

I wonder whether the Ethernet interfaces of your hardware could be so old that they would not be able to auto-detect which pair is which (this functionality is often called "auto MDI/MDI-X") and so you would need to connect both of them to a switch (which is supposed to handle that) or use a so-called "crossed cable".

Can you state the parameters/make of the Ethernet interfaces of your rocket boilers?

If the cable turns out not to be the issue, a PC with two network cards (probably most easily available), or a switch with monitoring capability, or a "tap" would help you capture what happens on the wire once the link is established at L1.

answered 30 Nov '15, 07:37

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%