We're now a non-profit! Support open source packet analysis by making a donation.

Wireshark-dev: Re: [Wireshark-dev] Connecting to router

From: Martin Visser <martinvisser99@xxxxxxxxx>
Date: Mon, 27 Apr 2009 16:57:37 +1000

That page seems to specifically be involved in troubleshooting network
traffic when connecting to home broadband router. In the situation
mentioned, you will only see traffic between the monitoring PC
(running Wireshark) and the router. It won't help you see other
traffic going to and from the router. A lot of home routers have a
built-in switch with maybe 4 ethernet ports, plus even a wireless
ports. Unfortunately to see all the traffic to and from such a device
isn't a trivial exercise.

Generally you either need a old-fashioned ethernet hub/repeater in the
path to send a copy of traffic to your monitoring PC, or an advanced
switch (meaning expensive) that supports a port monitor mode that also
makes a copy of packets received on a particular port or VLAN to a
nominated port.  Another alternative is if the router supports some
form of packet capture itself. For instance my Linksys router is
running the DD-WRT software which allows me to run tcpdump to do a
packet capture. I can then analyse the capture file with Wireshark.

Regards, Martin


On Mon, Apr 27, 2009 at 4:27 PM, Rohan Solanki <solanki.rohan@xxxxxxxxx> wrote:
> Hi all,
>   While i was searching on the web of "how to connect wireshark to a
> router", I found the following link
> http://www.plus.net/support/broadband/troubleshooting/wireshark.shtml
> In this link, in the 3rd step, in the 3rd sub-step, it states that "Select
> the relevant network interface from the drop-down at the top of the Options
> window. If you are using a router this will be your Network (NIC) card."
> Can anybody explain this statement...
> How do i connect wireshark to a router, so that i can view the packets that
> are flowing through the router?
> Thanks in advance
> Rohan
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe