This is our old Q&A Site. Please post any new questions and answers at

--- disregard...I placed between our switch and gateway and was able to sniff it all ;) ---

it was suggested we use a packet sniffer to discover the root of a trojan spammer behind our firewall, and we have Wireshark Version 0.99.6a (SVN Rev 22276) installed.

Does Wireshark have the ability to analyze the network as a whole, or is it specific to a single device?

asked 10 Feb '12, 09:30

mcrudo's gravatar image

accept rate: 0%

edited 10 Feb '12, 10:50

You might also want to look at getting a newer version of Wireshark. 0.99.6a is really, really ancient.

(11 Feb '12, 02:22) grahamb ♦

Wireshark is a packet analyzer, not a whole network analyzer. Any packets that can be seen by the interface(s) it is capturing on will be available for analysis.

You might want to look at the Wiki Capture Setup page to determine how you want to run your captures.

permanent link

answered 10 Feb '12, 10:10

grahamb's gravatar image

grahamb ♦
accept rate: 22%

Review the documentation "grahamb" provided. If you have Cisco switches, you can configure a SPAN port. You can connect your wireshark machine to this port to monitor all traffic of the network.

I am sure you are able to configure span ports on other vendors; however, I do not know the syntex to complete this.

Good luck

permanent link

answered 10 Feb '12, 10:50

jaz0nj4ckal's gravatar image

accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 10 Feb '12, 09:30

question was seen: 3,029 times

last updated: 11 Feb '12, 02:22

p​o​w​e​r​e​d by O​S​Q​A