
One network tool that every IT person should know about is Wireshark (previously Ethereal). Wireshark is a freeware network packet analyzer that captures network packets and displays detailed packet data. It's a very cool tool, and it will give you a newfound respect for just how much data traverses your Cat 5e cable, and how varied it is.

When first launching Wireshark, it's easy to become intimidated. It's extremely powerful and offers a myriad of options. However, there are only a few basics that you need to know before you begin.

First, you need to know what traffic you're actually monitoring. Back in the day when hubs were common, all traffic was transmitted to all ports. As you can imagine, that didn't scale very well. Switches are a refinement of hubs in that they discover the hardware addresses associated with each port and only transmit relevant traffic between ports. This means if you just plug your computer running Wireshark into any available switch port, you'll only be able to see traffic to and from your computer and broadcast/multicast traffic. Interesting, but not always useful.

In order to examine traffic on an Ethernet port other than the one your computer is plugged into, you need to mirror your ports. Port mirroring is a feature on managed switches that allows traffic from one or more ports to be mirrored onto an alternate port for the purpose of monitoring.

Wireshark captures all of the activity it can see on your network and lets you sort through it at your leisure. Select 'Statistics', 'Conversations', and then open the 'IPv4' tab to see data listed for such criteria as 'Bytes'.
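The same per-conversation byte ranking can be computed offline from a saved capture, which is useful when a mirrored port produces more traffic than you want to click through. This is an added example, not part of the original article: the function names are hypothetical, it assumes a classic pcap file with Ethernet framing, and it counts the on-the-wire frame length as each packet's bytes.

```python
import socket
import struct
from collections import defaultdict

def ipv4_conversations(pcap):
    """Return [(addr_a, addr_b, packets, bytes)], largest byte count first."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    totals = defaultdict(lambda: [0, 0])  # (addr_a, addr_b) -> [packets, bytes]
    pos = 24
    while pos + 16 <= len(pcap):
        incl_len, orig_len = struct.unpack(endian + "II", pcap[pos + 8:pos + 16])
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 14:
            continue
        off = 12
        (ethertype,) = struct.unpack("!H", frame[off:off + 2])
        if ethertype == 0x8100 and len(frame) >= 18:  # skip one 802.1Q VLAN tag
            off += 4
            (ethertype,) = struct.unpack("!H", frame[off:off + 2])
        ip = off + 2
        if ethertype != 0x0800 or len(frame) < ip + 20:
            continue  # ARP, IPv6, truncated frames: not an IPv4 conversation
        src = socket.inet_ntoa(frame[ip + 12:ip + 16])
        dst = socket.inet_ntoa(frame[ip + 16:ip + 20])
        entry = totals[tuple(sorted((src, dst)))]  # direction-independent key
        entry[0] += 1
        entry[1] += orig_len  # on-the-wire frame length (this example's choice)
    return sorted(((a, b, p, n) for (a, b), (p, n) in totals.items()), key=lambda r: -r[3])

def sample_pcap():
    """Constructed capture: three UDP-shaped frames with zeroed payloads."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    flows = [("192.168.1.10", "192.168.1.1", 100), ("192.168.1.1", "192.168.1.10", 1000),
             ("192.168.1.10", "198.51.100.7", 40)]
    for ts, (src, dst, n) in enumerate(flows):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + n, 0, 0, 64, 17, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = bytes(12) + b"\x08\x00" + ip + bytes(n)
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for row in ipv4_conversations(sample_pcap()):
        print("%-15s <-> %-15s packets=%d bytes=%d" % row)
```

To run it on a real capture, pass the bytes of a file saved in Wireshark's "pcap" format (not pcapng) to `ipv4_conversations`.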
