I am interested in capturing traffic on our network from a range of devices as part of a device trial. The devices will not have Wireshark installed on them. Is it possible to still capture data from these trial devices using TShark?
asked 10 Jan '12, 07:20 Mike4G edited 26 Feb '12, 20:56 cmaynard ♦♦
One Answer:
Yes, probably. But remember that you will still need to have installed the libpcap (or WinPcap, depending on your target platform) device driver.
answered 10 Jan '12, 08:43 griff edited 10 Jan '12, 21:16
Fortunately, on most if not all UN*X platforms, there's no device driver to install - libpcap uses a mechanism built into the OS. Windows is different - it requires a driver to connect NDIS to the WinPcap library. That driver is part of WinPcap. (27 Feb '12, 14:01) Guy Harris ♦♦
What do you mean by "capture data from these trial devices"? You can capture traffic from a device using Wireshark, or TShark, or tcpdump, or snoop, or..., without having Wireshark, or TShark, or tcpdump, or snoop, or... running on the device itself, as long as you're on the same network as the device.