SV650.org - SV650 & Gladius 650 Forum - View Single Post

13-07-11, 04:45 PM

Surely wireshark is going to be limited on a switched network unless your sniffing an uplink port, if your on a switched network patched into an access port without arp poisoning your only going to see traffic on that particular network segment which in theory would only be one machine

Assuming your sniffing on an uplink port wireshark is only going to tell you the blinding obvious such as an excess amount of re transmission or dodgy protocols being used and even then you are going to have millions of packets to examine. Im not saying wireshark is no use but its a tool with a narrow scope that is best to further investigate and issue that has already been discovered

13-07-11, 04:45 PM	#8
grimey121uk Guest Posts: n/a	Re: IT Question: LAN Monitoring Surely wireshark is going to be limited on a switched network unless your sniffing an uplink port, if your on a switched network patched into an access port without arp poisoning your only going to see traffic on that particular network segment which in theory would only be one machine Assuming your sniffing on an uplink port wireshark is only going to tell you the blinding obvious such as an excess amount of re transmission or dodgy protocols being used and even then you are going to have millions of packets to examine. Im not saying wireshark is no use but its a tool with a narrow scope that is best to further investigate and issue that has already been discovered Last edited by grimey121uk; 13-07-11 at 04:48 PM.