ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-users: Re: [Wireshark-users] How to use a "wireshark sniffer PC" to capture ftp flows b

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "AMEAUME, ALAIN (ALAIN)** CTR **" <alain.ameaume@xxxxxxxxxxxxxxxxxx>
Date: Mon, 4 Mar 2013 15:07:40 +0100
 Thanks Tim: i will check about tshark running on each servers: i need first to find the right package to install on my 2 RHEL 5.4 hosts OS.

Alain AMÉAUME
Afin de contribuer au respect de l'environnement, merci de n'imprimer ce courriel que si c'est vraiment nécessaire.
Please consider the Environment before printing this mail. 

-----Message d'origine-----
De : wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] De la part de Tim.Poth@xxxxxxxxxxx
Envoyé : lundi 4 mars 2013 14:40
À : wireshark-users@xxxxxxxxxxxxx
Objet : Re: [Wireshark-users] How to use a "wireshark sniffer PC" to capture ftp flows between 2 terminals located on 2 # sub-networks ?

Personally if I was remote I would run try running dumpcap or tshark on the server(s) (the non-gui tools are lower overhead). There are cases where the load of running on the server will cause problem for the server (took a sql server down one time doing this) in those cases you will have to get someone local to 'tap' in using one of the methods on the wiki. For these types of situations in the past my company has built a box using a turbocap card and shipped it to a client's site to do captures. We give them the login info and got them to upload the data to us. When the issue was resolved we had them ship the box back to us.
Every situation is different, try different things until you find one you like / works.

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of AMEAUME, ALAIN (ALAIN)** CTR **
Sent: Friday, March 1, 2013 11:15 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] How to use a "wireshark sniffer PC" to capture ftp flows between 2 terminals located on 2 # sub-networks ?

Thanks a lot for the info: i decide to insert a hub to simplify my cx -> so that I see all traffic which are broadcasted over any ports.

Still asking who to do if i'm very far from the hostA & B? and connected myself on a remote subnet ? maybe using the remote mirroring ? but for that i need user account to activate mirror session over switches ! ?

Anyhow, thanks all for your help.

Alain AMÉAUME


-----Message d'origine-----
De : wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] De la part de Tim.Poth@xxxxxxxxxxx Envoyé : vendredi 22 février 2013 15:26 À : wireshark-users@xxxxxxxxxxxxx Objet : Re: [Wireshark-users] How to use a "wireshark sniffer PC" to capture ftp flows between 2 terminals located on 2 # sub-networks ?

There are lots of options for doing this, you might want to start by looking at this http://wiki.wireshark.org/CaptureSetup/Ethernet#Switched_Ethernet

You could do the route option but that seems to add a lot of complexity and will change your packet flow which may work against why you are capturing in the first place.

Hope that helps


-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of AMEAUME, ALAIN (ALAIN)** CTR **
Sent: Friday, February 22, 2013 8:55 AM
To: Community support list for Wireshark
Subject: [Wireshark-users] How to use a "wireshark sniffer PC" to capture ftp flows between 2 terminals located on 2 # sub-networks ?

Hi users,

I'm interesting to know how to insert my PC laptop with wireshark as a" PC sniffer" between 2 terminals to capture ftp flows between them:

terminal "A" in sub-network x.y.A.1
terminal "B" in sub-network x.y.B.1
my PC laptop "C" on sub-network x.y.A.2 or x.y.B.2

using this configuration, I do not need to install wireshark on A & B !

I suppose that on "A" terminal I need to create a route from A.1 to B.1 passing thru "C", the same relatively to "B", then I will need also to declare on my laptop "C" a kind of "gateway" function to re-route the ftp flow, after capture, to its original destination  Is it what we call the NAT function on "C": and how to do it on the "C" laptop windows xp sp3 ?

Thanks for your help.

Alain
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube