I highly recommend, if possible, doing a baseline scan of the network when everything is running properly. This will help you get a feel for what normal conditions look like, and you can compare traces to see what may be new or different. If you are new to Wireshark you should check out http://www.wireshark.org/docs/ which has some good information and helpful videos.
Network congestion issues are one fear most admins would like to live without. Laura Chappell has some great Wireshark instructional videos on http://www.securitytube.net.
Nice article, Jack.
This may go without saying, but it may be worth mentioning that it matters how the machine running Wireshark is connected to the network as to how much traffic you will see. If you install Wireshark in a normal switched network and fire it up, you will see that machine's traffic and any broadcast traffic, but not traffic from any other workstation to the internet. For that, you would either need to run Wireshark from the suspect computer, or configure a mirror/span port on the switch and plug the PC running Wireshark into that.
Sorry if I'm stating the obvious, but I know as a young admin coming up it took me some head banging to figure this one out on my own.
You can also achieve the desired result by using a HUB. What goes in one port goes out to all ports.