
Tuesday, August 23, 2016

Using Wireshark & Port Traffic Monitor Session

Scenario: I wanted to watch the packet traffic between a laptop and a server to confirm whether any communication was actually taking place.

Consider the simple setup below:


I want to capture the traffic from computer 1 to the server. I will do this with Wireshark running on computer 2.

Using PuTTY, I SSH'd into the Cisco switch from computer 3 and ran the commands below. The source interface is the port computer 1 (the host running the application) is plugged into, and the destination interface is the port computer 2 (the host running Wireshark) is plugged into; the "both" keyword mirrors frames received and transmitted on the source port:

conf t
monitor session 1 source interface Gi0/1 both
monitor session 1 destination interface Gi0/2


I ran Wireshark on computer 2, double-clicked the network interface (Ethernet in this case) and watched for packets.

To confirm that the mirror session was working and that the communication could be seen, I ran a simple ping from computer 1 to the server in question and watched Wireshark on computer 2 for packets carrying computer 1's IP address.
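The same check, done offline against a capture file instead of by eye, as an added example that is not code from the original post. The script builds a small pcap in memory from constructed ICMP frames (the addresses and MACs are sample values from the RFC 5737 documentation range, not the post's real hosts), applies the equivalent of the Wireshark display filter ip.addr == <computer 1's IP>, and confirms that the mirror port delivered both directions of the ping, which is what the "both" keyword on the source interface is supposed to give you. Point host_conversations() at a real capture saved from computer 2 to run the same check on your own SPAN session.

```python
"""Check that a SPAN/mirror session delivers a given host's traffic.

Added example, not code from the original post. Builds a classic pcap
image in memory from constructed frames, then filters it the way the
post's Wireshark test does: keep IPv4 frames whose source or destination
is computer 1's address, and confirm both directions were mirrored.
"""
import socket
import struct
from collections import Counter

# Constructed sample addresses and MACs; the post does not give real ones.
COMPUTER1 = "192.0.2.10"
SERVER = "192.0.2.20"
OTHER_HOST = "192.0.2.99"
MACS = {COMPUTER1: b"\x02\x00\x00\x00\x00\x01",
        SERVER: b"\x02\x00\x00\x00\x00\x02",
        OTHER_HOST: b"\x02\x00\x00\x00\x00\x03"}

PCAP_MAGIC_LE = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def icmp_echo_frame(src_ip: str, dst_ip: str, echo_type: int, seq: int = 1) -> bytes:
    """Build an Ethernet/IPv4/ICMP echo frame (type 8 = request, 0 = reply)."""
    icmp = struct.pack("!BBHHH", echo_type, 0, 0, 0x1234, seq) + b"spantest"
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), seq, 0, 64, 1, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", inet_checksum(ip_hdr)) + ip_hdr[12:]
    eth_hdr = MACS[dst_ip] + MACS[src_ip] + struct.pack("!H", ETHERTYPE_IPV4)
    return eth_hdr + ip_hdr + icmp


def build_pcap(frames) -> bytes:
    """Serialize frames into a classic little-endian pcap file image."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1471900000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def iter_ipv4(pcap: bytes):
    """Yield (src_ip, dst_ip, proto_name) for each IPv4-over-Ethernet record."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == 0xD4C3B2A1:        # file written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("expected an Ethernet capture")
    pos = 24
    while pos + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig = struct.unpack(endian + "IIII", pcap[pos:pos + 16])
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != struct.pack("!H", ETHERTYPE_IPV4):
            continue                  # ARP, IPv6, or a truncated record
        proto = frame[23]
        yield (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]),
               PROTO_NAMES.get(proto, str(proto)))


def host_conversations(pcap: bytes, host_ip: str) -> Counter:
    """Same selection as the Wireshark display filter 'ip.addr == host_ip',
    summarised as (src, dst, proto) -> frame count."""
    return Counter(t for t in iter_ipv4(pcap) if host_ip in (t[0], t[1]))


def span_delivers_both_directions(pcap: bytes, host_ip: str, peer_ip: str) -> bool:
    """True if the mirror port saw host->peer AND peer->host frames."""
    convs = host_conversations(pcap, host_ip)
    sent = any(s == host_ip and d == peer_ip for (s, d, _p) in convs)
    received = any(s == peer_ip and d == host_ip for (s, d, _p) in convs)
    return sent and received


# Constructed capture: the ping from computer 1 to the server, its reply,
# and an unrelated ping from another host that the filter must leave out.
SAMPLE_PCAP = build_pcap([
    icmp_echo_frame(COMPUTER1, SERVER, 8, seq=1),
    icmp_echo_frame(SERVER, COMPUTER1, 0, seq=1),
    icmp_echo_frame(OTHER_HOST, SERVER, 8, seq=7),
])

if __name__ == "__main__":
    for (src, dst, proto), n in sorted(host_conversations(SAMPLE_PCAP, COMPUTER1).items()):
        print(f"{src:>12} -> {dst:<12} {proto:5} {n} frame(s)")
    print("both directions mirrored:",
          span_delivers_both_directions(SAMPLE_PCAP, COMPUTER1, SERVER))
```

If the script reports only one direction on a real capture, the usual cause is the session having been configured with "rx" or "tx" instead of "both", or the source interface being the wrong port for the host you are interested in.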

After the work was done, I removed the monitor session on the switch and verified it was gone:

no monitor session 1
sh monitor

Make sure that no monitor sessions remain configured afterward; the output of sh monitor should show none.

Resources:

https://www.wireshark.org/download.html