![]() You might think that you could revert to using an old-style hub, given that hubs don’t segment network traffic as switches do and this “hubbing out” method might work, but even hubs don’t necessarily pass all traffic. (Here’s one of the benefits of those more expensive managed switches.) The Wireshark SwitchReference page could be helpful here it’s at. ![]() Check your switch to see if you can configure the port you’re using for Wireshark to have all traffic sent to it (“monitor” mode), and/or to “mirror” traffic from one port to another. If you’re connected to a switch as opposed to a hub, broadcast traffic and multicast traffic will go to all ports, but unicast traffic does not. ![]() So before you use this tool to draw conclusions about traffic on your Windows network, it’s worth seeing if you’re really capturing what you think you’re capturing. ![]() This is not necessarily the case, and there could be several reasons for it. If you’re using the Wireshark packet sniffer and have it set to “promiscuous mode” in the Capture Options dialog box, you might reasonably think that you’re going to be seeing all the traffic on your network segment. “Promiscuous mode” (you’ve gotta love that nomenclature) is a network interface mode in which the NIC reports every packet that it sees. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |