I need help listening to the packets sent from one source to a destination, which are basically a router and a WAN device. I don't have access to the settings of either device; the only point where I can interfere is the Ethernet cable the two devices are connected with. I am using a computer with two Ethernet interfaces and Wireshark as a sniffer, but my problem is that I want the devices to recognize each other and continue their usual traffic as if I am not there, and I also need a copy of the whole packet traffic, both source and destination, on my computer. I tried bridging the connections in Windows but no results. Thanks for further help.

asked 04 Jul '17, 06:51 kemaluysal
One Answer:
I think this page contains comprehensive information about capture setup: https://wiki.wireshark.org/CaptureSetup/Ethernet

As for me, using a switch with a SPAN port would be easier than making a quiet transparent bridge on a Windows PC. Maybe I'm wrong here. Please be more specific about "I tried bridging the connections in Windows but no results".

answered 04 Jul '17, 07:16 Packet_vlad edited 04 Jul '17, 07:26

Establishing a bridge between two Ethernet ports on Windows worked well for me (even on W10) with WinPcap but not with Npcap, as the two hook into the network stack at different points.
Budgetary (about 40$) solutions for traffic mirroring are Mikrotik RB260GS and NetGear GS105Ev2.
Or booting Linux (from a liveCD even) and setting up a bridge that way. tcpdump, dumpcap or Wireshark for capture and you're golden. As you can see, there are many options.
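
The Linux bridge option from the last comment, sketched as an added example that is not part of the original thread. The interface names `eth0`/`eth1`, the bridge name `br0` and the function names are assumptions; the bridge gets no IP address, STP stays off and IPv6 is disabled so the capture host sends nothing of its own onto the link.

```shell
#!/bin/sh
# Added example: transparent capture bridge on Linux. Run as root.
# Usage: ./tapbridge.sh plan|up IF_A IF_B [BRIDGE]   |   ./tapbridge.sh down [BRIDGE]

# Accept only plausible interface names (safe charset, at most 15 characters).
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Print the commands that build the bridge; nothing is executed here.
plan_up() {
    a=$1 b=$2 br=${3:-br0}
    for i in "$a" "$b" "$br"; do valid_if "$i" || return 1; done
    [ "$a" != "$b" ] || return 1
    # STP off: the bridge must not emit BPDUs toward the router or WAN device.
    echo "ip link add name $br type bridge stp_state 0 forward_delay 0"
    # No IPv6 on the bridge, so it sends no router solicitations or MLD reports.
    echo "sysctl -q -w net.ipv6.conf.$br.disable_ipv6=1"
    for i in "$a" "$b"; do
        echo "ip addr flush dev $i"    # the tap host holds no address on the link
        echo "sysctl -q -w net.ipv6.conf.$i.disable_ipv6=1"
        echo "ip link set dev $i master $br"
        echo "ip link set dev $i up"
    done
    echo "ip link set dev $br up"
}

# Print the commands that remove the bridge again.
plan_down() {
    br=${1:-br0}
    valid_if "$br" || return 1
    echo "ip link set dev $br down"
    echo "ip link delete $br type bridge"
}

case "${1:-}" in
    plan) plan_up "$2" "$3" "${4:-br0}" ;;
    up)   cmds=$(plan_up "$2" "$3" "${4:-br0}") || exit 1
          printf '%s\n' "$cmds" | sh -e
          # One member port sees both directions: received and forwarded frames.
          echo "capture with: tcpdump -i $2 -n -s 0 -w capture.pcap" ;;
    down) cmds=$(plan_down "${2:-br0}") || exit 1
          printf '%s\n' "$cmds" | sh -e ;;
esac
```

Run `plan` first to review the commands before `up` applies them; DHCP clients or NetworkManager on the capture host should be kept off both ports so they do not re-add addresses.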