We're now a non-profit! Support open source packet analysis by making a donation.

Wireshark-users: Re: [Wireshark-users] Connecting to a remote device

From: Guy Harris <[email protected]>
Date: Wed, 7 Feb 2007 19:36:23 -0800
On Feb 7, 2007, at 7:16 PM, Brian Wallen wrote:

I'm currently running a Watchguard Firewall box and using the Windows
program Winsyslog to monitor it's traffic.
"Monitor its traffic" in what sense?

The WinSyslog I found with Google is a syslog daemon, meaning that it receives syslog protocol (RFC 3164):

packets and logs the messages in them.

If that's the program you're running, that's not monitoring raw network traffic, it's just monitoring messages that the Watchguard box is sending, just as the syslog daemon that comes with UN*X systems can do.
Is there a way I can make
wireshark remotely connect to my firewall the same way that Winsyslog does?
If "the same way that Winsyslog does" is referring to logging syslog  
messages, no, you can't - Wireshrk is a raw network traffic capture  
and analysis program, not a higher-level "system monitoring" program  
to watch things such as syslog messages.  (It can dissect the syslog  
protocol, but that no more makes it a syslog monitoring program than  
does its capability to dissect the HTTP protocol make it a Web browser.)