On 11/8/2010 10:09 AM, David Shephard wrote:
> Hi all, I want to capture LAN traffic from Core Switch to DMZ & filter
> by protocol, is this possible?
Yes, you can filter on anything you'd like. But some things you need to
1) How do you plan on getting the traffic to the analyzer? Via
2) If so, make sure you pick one ingress/egress point. Don't span the
VLAN because you'll then capture the packets as they enter and exit the
3) Keep an eye on the monitor/span destination port (sho int, or sho
mac in Cisco'ese) to make sure that you're not overrunning the
4) You have the option of running VACLs to limit what you capture, but
there are some dependencies so stay away unless you have a clear idea
about the pros and cons. There was a nice Sharkfest presentation this
year on using VACLs so check it out on the Sharkfest 2010 site.
Once you've successfully created the span, you can also filter on
Wireshark itself. You can use "host 126.96.36.199" or you can use "port 123"
It's a pretty open-ended question so I'm hesitating on giving a detailed
Sent via: Wireshark-users mailing list <firstname.lastname@example.org>