--- disregard...I placed between our switch and gateway and was able to sniff it all ;) ---

It was suggested we use a packet sniffer to discover the root of a trojan spammer behind our firewall, and we have Wireshark Version 0.99.6a (SVN Rev 22276) installed. Does Wireshark have the ability to analyze the network as a whole, or is it specific to a single device?

asked 10 Feb '12, 09:30 mcrudo (edited 10 Feb '12, 10:50)
2 Answers:
Wireshark is a packet analyzer, not a whole network analyzer. Any packets that can be seen by the interface(s) it is capturing on will be available for analysis. You might want to look at the Wiki Capture Setup page to determine how you want to run your captures.

answered 10 Feb '12, 10:10 grahamb ♦
Review the documentation "grahamb" provided. If you have Cisco switches, you can configure a SPAN port. You can connect your Wireshark machine to this port to monitor all traffic of the network. I am sure you are able to configure SPAN ports on other vendors; however, I do not know the syntax to complete this. Good luck.

answered 10 Feb '12, 10:50 jaz0nj4ckal
You might also want to look at getting a newer version of Wireshark. 0.99.6a is really, really ancient.
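
Added example, not part of the original thread: once the capture point sees all traffic (between switch and gateway, or on a SPAN port), tallying outbound SMTP connection attempts per internal host is one way to single out the spamming machine. It assumes the trojan sends mail directly over TCP port 25 and that the capture is a classic little-endian pcap file with Ethernet framing; the addresses and the `SAMPLE` capture are constructed for illustration.

```python
import struct
from collections import Counter

def build_syn(src, dst, dport):
    """Constructed sample frame: Ethernet/IPv4/TCP SYN, checksums left zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def smtp_syn_counts(pcap_bytes, port=25):
    """Count TCP connection attempts (SYN without ACK) to `port` per source IP."""
    if struct.unpack_from("<I", pcap_bytes, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian classic pcap file")
    counts, off = Counter(), 24                    # skip 24-byte global header
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack_from("<I", pcap_bytes, off + 8)[0]
        frame = pcap_bytes[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                               # truncated or not IPv4
        tcp = 14 + (frame[14] & 0x0F) * 4          # honour the IP header length
        if frame[23] != 6 or len(frame) < tcp + 14:
            continue                               # not TCP or truncated
        dport = struct.unpack_from("!H", frame, tcp + 2)[0]
        if dport == port and (frame[tcp + 13] & 0x12) == 0x02:
            counts[".".join(map(str, frame[26:30]))] += 1
    return counts

# Constructed traffic: one noisy host, one legitimate mail server, one web client.
SAMPLE = build_pcap(
    [build_syn("192.168.1.23", f"203.0.113.{i}", 25) for i in range(1, 6)]
    + [build_syn("192.168.1.10", "198.51.100.7", 25),
       build_syn("192.168.1.40", "198.51.100.9", 443)])

if __name__ == "__main__":
    for host, n in smtp_syn_counts(SAMPLE).most_common():
        print(f"{host}\t{n} SMTP connection attempts")
```

A host that is not the site's mail server but tops this list is the one to inspect first.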