Avaya Support Forums  

#1
05-14-2015, 07:20 AM
haddod
Using Wireshark

Hello. I have installed Wireshark and WinSCP, but all I see to capture data on are the server's two Ethernet ports. I am trying to get a handle on adding another interface, but in googling around and reading the help file I am still no closer. Can someone coach this old voice guy on how to add the IP Office LAN port to the interfaces traced so I can capture data, please?
Thank you in advance,
Reply With Quote
#2
05-14-2015, 08:37 PM
sedge

Hi

With Wireshark installed on your laptop, you will need to have your laptop capturing the data flowing between the IP Office and the Ethernet switch it is connected to.

If you connect your laptop to another Ethernet port on the same switch you will not see data to/from the IP Office [unless it's data specifically going to/from your laptop].

So that Wireshark can "see" the data going to/from the IP Office the Ethernet switch would need to be configured for "port mirroring". This is just as it sounds, data on the Ethernet port the IP Office is connected to is "mirrored" to the port your laptop is connected to.

How to configure "port mirroring" will be specific to the model of Ethernet switch and is usually performed by the IT Administrator of the network.

Another option, which is old and less than ideal, is to install an Ethernet "hub" between the IP Office and the Ethernet switch. Then plug your laptop into the hub. A hub has the same data to/from every port. Hubs are difficult to find today and would not be Gigabit speed.

Of course, the connection between the IP Office and Ethernet switch would have to be disconnected to install a hub, another negative.

Port mirroring, as above, is what typically needs to be done.
Reply With Quote
#3
05-15-2015, 02:10 PM
zakabog

What kind of data are you trying to capture? There might be a better method of troubleshooting than using Wireshark.
Reply With Quote
#4
05-19-2015, 01:17 PM
oiduran

Could you upload tracert Wireshark?
Reply With Quote
#5
01-24-2022, 03:13 PM
thompson109
How is a message's protocol determined in wireshark?

How is a message's protocol determined in Wireshark?

I am new to Wireshark. I started watching one training video but it was long and I am looking for specific answers to questions to help in my coding job.

How is a message packet's protocol determined in Wireshark? I have a .pcapng file I have been looking at and at first it seemed that the first three hex digits were the determining factor because they seemed to be unique to a protocol. But this is not the case. Instead they seem to be part of the destination address.

Thanks in advance.

Also, just to be sure: the hexadecimal representation in the third frame window represents the whole package without anything added or taken away, right? Is this a correct assumption?

The protocols that I am interested in are:
ARP
HTTP
HTTP/JSON
MDNS
NBNS
TCP

I found some documentation online at documentation dot help: https://documentation.help/Wireshark...tml#idp3107168

1.1.6. Many protocol decoders
There are protocol decoders (or dissectors, as they are known in Wireshark) for a great many protocols: see Appendix B, Protocols and Protocol Fields.
Appendix B. Protocols and Protocol Fields
Wireshark distinguishes between protocols (e.g. tcp) and protocol fields (e.g. tcp.port).
A comprehensive list of all protocols and protocol fields can be found at: http://www.wireshark.org/docs/dfref/
And there are lots of protocols listed here

For HTTP and HTTP/JSON the data stream I have from my .pcapng file contains a data packet which starts with a Destination address followed by a Source address and then there is something I find interesting. It is:

Type: IPv4 (0x0800)

And that is the same for HTTP as well as HTTP/JSON

So how do I determine the difference from the packet data?

On the same location, we have (0x0806) for ARP
On the same location, we have (0x0800) for MDNS -- which is the same for HTTP, so this is not the answer
On the same location, we have (0x0800) for NBNS -- which is the same for HTTP, so this is not the answer
On the same location, we have (0x0800) for TCP -- which is the same for HTTP, so this is not the answer

Wireshark is open source. So my only other option, it seems, apart from getting an answer online, is to step through the code.
Reply With Quote
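
Added example (not part of any post above, and not Wireshark's source code): the question in post #5 comes down to layered demultiplexing, where the EtherType selects ARP or IPv4, the IPv4 protocol byte selects TCP or UDP, and the port or payload selects the application protocol. The sketch below is a simplified stand-in for Wireshark's dissector tables; `classify`, the builder helpers and the sample frames are all constructed for illustration.

```python
import struct

# Constructed sample builders: zeroed MACs and checksums, documentation IP addresses.
def eth(ethertype, body=b""):
    return bytes(12) + struct.pack("!H", ethertype) + body
def ipv4(proto, body):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + body
def udp(sport, dport, body=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(body), 0) + body
def tcp(sport, dport, body=b""):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + body

UDP_PORTS = {5353: "MDNS", 137: "NBNS"}            # well-known UDP ports
HTTP_STARTS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"HTTP/1.")

def classify(frame: bytes) -> str:
    """Label a raw Ethernet II frame by walking its headers from the outside in."""
    if len(frame) < 14:
        return "MALFORMED"
    ethertype = struct.unpack("!H", frame[12:14])[0]   # follows dst MAC + src MAC
    if ethertype == 0x0806:
        return "ARP"
    if ethertype != 0x0800:
        return f"ETHERTYPE_0x{ethertype:04x}"
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4 if ip else 0              # IPv4 header length in bytes
    if ihl < 20 or len(ip) < ihl:
        return "MALFORMED"
    proto, l4 = ip[9], ip[ihl:]                        # byte 9 = IP protocol number
    if proto == 17 and len(l4) >= 8:                   # UDP: decide by port
        sport, dport = struct.unpack("!HH", l4[:4])
        return UDP_PORTS.get(dport) or UDP_PORTS.get(sport) or "UDP"
    if proto == 6 and len(l4) >= 20:                   # TCP: look at the payload
        payload = l4[(l4[12] >> 4) * 4:]               # skip header via data offset
        if payload.startswith(HTTP_STARTS):
            is_json = b"content-type: application/json" in payload.lower()
            return "HTTP/JSON" if is_json else "HTTP"
        return "TCP"
    return f"IP_PROTO_{proto}"

SAMPLES = {  # constructed frames, one per protocol named in the post
    "arp": eth(0x0806, bytes(28)),
    "mdns": eth(0x0800, ipv4(17, udp(5353, 5353))),
    "nbns": eth(0x0800, ipv4(17, udp(137, 137))),
    "ack": eth(0x0800, ipv4(6, tcp(50000, 80))),
    "http": eth(0x0800, ipv4(6, tcp(50000, 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"))),
    "json": eth(0x0800, ipv4(6, tcp(80, 50000, b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n{}"))),
}
```

A TCP segment with no application payload stays labelled TCP, which is why frames sharing the 0x0800 EtherType end up under several different protocol names.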

All times are GMT -7.