Sorry, I'm a newbie to Wireshark. After installing it on a workstation on my LAN, I see Wireshark selects the local interface to monitor by default, but provides an option to monitor a remote interface. This LAN has only one /24 subnet with an internet router (AdTran). Two wireless devices are also connected on the LAN side of the router in bridge mode.

To accurately capture all traffic in/out from LAN/WAN, I think I need to monitor the LAN interface of my AdTran router, ya, i.e. monitoring my own interface will miss lots of traffic? But how do I configure Wireshark to remotely monitor the LAN interface on the AdTran router/gateway? I see Wireshark has an option for a remote interface, but it asks for Host and Port. When I enter the LAN IP address of the AdTran router and guess Port 1, Wireshark responds that it cannot find a server at that host. Thank you!

asked 08 Mar '12, 18:32 IT Tropolis
One Answer:
The remote capture option requires WinPcap (with Rpcap) software on the remote machine to do the capturing. So unless your firewall is a Windows system on which you can install WinPcap, you can't use the remote capture option to capture on the firewall. Have a look at http://wiki.wireshark.org/CaptureSetup for strategies to capture the traffic of interest.

answered 08 Mar '12, 23:53 SYN-bit