Is it possible to capture TCP packets traveling between two remote systems that are not directed to the Wireshark host computer?
I need to intercept traffic between an old Redhat Linux 2.4 computer and a discontinued 20-year-old machine that is controlled via TCP/IP in order to analyze its communication protocol so I can control it with a modern computer. All systems are connected via a legacy Netgear Hub. I am able to open a Telnet connection and capture packets between the Wireshark computer and the machine, but I cannot see any traffic traveling directly between the Redhat Linux computer and the machine.
The IP addresses are as follows:
Wireshark Computer (Windows 10) - 192.168.200.68
3rd Party Equipment (Not a Computer) - 192.168.200.63, 192.168.200.64, 192.168.200.65
Redhat Linux 2.4 Computer - Unknown, Probably something like 192.168.200.67
Is there a way to do this?
asked 19 Oct '17, 09:55
Capturing packets requires access to the physical connection the packets travel through. They won't take a detour to your Wireshark PC; you have to put your Wireshark where they are visible. In your case the hub would be a perfect spot, but you need to be connected directly to it and it really needs to be a hub (some "hubs" are switches in reality, and you won't see the packets).
For more information on capture setups, check the following links:
answered 19 Oct '17, 10:15
You can use the remote capture options of Wireshark, which allows you to capture traffic through an SSH tunnel.
answered 19 Oct '17, 10:33
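As an added illustration of the remote-capture approach in the answer above (not code from the original thread), the script below runs tcpdump on the Linux box over SSH and streams the pcap into a local Wireshark, with a capture filter that excludes the SSH session itself so the capture does not feed back on itself. It assumes a POSIX shell on the capturing machine (e.g. WSL on the Windows 10 host), root SSH login to the Linux box, the interface name eth0, and a tcpdump new enough for -U (tcpdump 3.8 or later; drop -U on older versions and Wireshark will simply update in bursts).

```shell
#!/bin/sh
# Build the tcpdump capture filter for traffic to/from the given equipment hosts,
# excluding our own SSH control session so the capture does not capture itself.
# Usage: build_filter <ssh_port> <host> [<host> ...]
build_filter() {
  port="$1"; shift
  hosts=""
  for h in "$@"; do
    # join the hosts with " or " (hypothetical helper, not part of the thread)
    hosts="${hosts:+$hosts or }host $h"
  done
  printf 'not tcp port %s and (%s)' "$port" "$hosts"
}

# Run tcpdump on the remote Linux host and pipe the live pcap into local Wireshark.
# Usage: remote_capture <user@linux_host> <iface> <equipment_host> [...]
remote_capture() {
  target="$1"; iface="$2"; shift 2
  filter=$(build_filter 22 "$@")
  # -U: flush each packet so Wireshark updates live; -s0: full packets; -w -: pcap to stdout
  ssh "$target" "tcpdump -i $iface -U -s0 -w - '$filter'" | wireshark -k -i -
}

# Example for this thread (assumed address for the Linux box):
# remote_capture root@192.168.200.67 eth0 192.168.200.63 192.168.200.64 192.168.200.65
```

The capture runs on the Linux box's own interface, so it sees its conversation with the equipment regardless of whether the Netgear device is a true hub or a switch.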