This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Sniffing between source and destination

0

I need help on listening to the packets sent from one source to a destination which are basically a router and a WAN device. I don't have access to the settings of either devices, the only point I can interfere is the ethernet cable the two devices are connected with. I am using a computer with two ethernet interfaces and Wireshark as a sniffer but my problem is I want the devices recognize each other and continue their usual traffic as I am not there and also I need a copy of the whole packet network both source and destination to my computer. I tried bridging the connections in Windows but no results.

Thanks for further help

asked 04 Jul '17, 06:51

kemaluysal's gravatar image

kemaluysal
6112
accept rate: 0%


One Answer:

0

I think this page contains comprehensive information about capture setup:

https://wiki.wireshark.org/CaptureSetup/Ethernet

As for me using switch with SPAN port would be easier than making quiet transparent bridge on Windows PC. Maybe I'm wrong here. Please be more specific about "I tried bridging the connections in Windows but no results"

answered 04 Jul '17, 07:16

Packet_vlad's gravatar image

Packet_vlad
4361613
accept rate: 20%

edited 04 Jul '17, 07:26

Establishing a bridge between two Ethernet ports on Windows worked well for me (even at W10) with WinPcap but not with NPcap as the two hook into the network stack at different points.

Budgetary (about 40$) solutions for traffic mirroring are Mikrotik RB260GS and NetGear GS105Ev2.

(04 Jul '17, 08:33) sindy

Or booting Linux (from a liveCD even) and setup a bridge that way. tcpdump, dumpcap or Wireshark for capture and you're golden. As you can see, there are many options.

(04 Jul '17, 10:47) Jaap ♦