Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] [Wireshark-dev] Connecting to router

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sun, 26 Apr 2009 23:57:55 -0700
(This is a wireshark-users type of question, so I'm sending the replies only to wireshark-users.)

On Apr 26, 2009, at 11:27 PM, Rohan Solanki wrote:

While i was searching on the web of "how to connect wireshark to a router", I found the following link

http://www.plus.net/support/broadband/troubleshooting/wireshark.shtml

In this link, in the 3rd step, in the 3rd sub-step, it states that "Select the relevant network interface from the drop-down at the top of the Options window. If you are using a router this will be your Network (NIC) card."

Can anybody explain this statement...

Yes, although I think the answer won't be an answer to the question you originally wanted answered.

PlusNet is an ISP for consumers ("Home") and, I suspect, small-to- medium businesses ("Business"); they're assuming you have a very simple network with, perhaps, just one computer directly connected to the Internet, or a small number of computers connected to a router directly connected to the Internet.

As such, they're probably assuming that you want to capture the traffic going between the machine running Wireshark and the Internet, not that you are trying to capture all the traffic running through the router, so they're giving you advice for how to capture on whichever network interface your computer uses to communicate on the Internet. The reason that they're mentioning the router is that (at least from what I could find on their site), they offer a choice of

1) a USB DSL modem, which would presumably be what you'd use if, for example, you have only one computer at your home or business, and the computer is in a fixed location (as opposed to being, for example, a notebook/laptop computer which wouldn't always be in a convenient place to be plugged into the USB modem;

2) a wireless router, which would presumably be what you'd use if you have more than one computer you want to connect to the Internet, or have one or more computers that you'd use from multiple places, not all of which would be near enough to a USB modem.

If you're using a USB modem, it will be the interface you'd use to communicate over the Internet. If you're using a router, the interface that communicates with the router - probably an Ethernet or Wi-Fi interface - would be the one you'd use to communicate over the Internet.

How do i connect wireshark to a router, so that i can view the packets that are flowing through the router?

If you want to view all the packets that are flowing through a router, that's a *completely different question* from the one that the people at PlusNet are trying to answer, and one place to look for the answer would be

	http://wiki.wireshark.org/CaptureSetup/Ethernet

and another would be

	http://wiki.wireshark.org/SwitchReference

They both speak of switches, but some of what they have to say applies to routers as well. To watch all the traffic flowing through a switch or router, you'd need to somehow have the switch or router put a copy of all that traffic onto a particular port on the switch or router, and plug the machine running Wireshark into that port and capture on that port; that's what the articles pointed to by the SwitchReference pag discuss.