Manualshelf

Quick Start Guide

ManualsBrandsWireshark ManualsSoftware$model.subName
11121314151617181920
Wireshark Quickstart Guide
16
Appendix 1: Packets Captured: Explanation
and Troubleshooting
Wireshark is designed to show you all packets that come into
and out of your computer. You are probably using Ethernet for
your LAN, and Ethernet is a shared-access protocol. As a result,
Wireshark would theoretically allow you to see the following
types of traffic:
Packets sent to/from your computer.
Broadcast packets sent to all computers on your
local network.
Packets sent to/from any other computers on your
local network.
However, several factors may keep you from seeing some of the
packets on your network.
I) Switches or Routers versus Hubs
Ethernet assumes that your local network looks like some
variation of a bus, and that traffic to any computer on the local
network will be seen by any other computer on that network.
In practice, Ethernet networks often use a star topology,
wherein all of the computers are linked to a central unit. In the
early days of Ethernet, this central unit was called a hub. A hub
listens to each incoming port and repeats everything that it hears
out to every port. Although a hub’s physical network topology
is a star, logically it acts like a bus topology – every station on
the network sees all of the traffic on the network. Therefore, if
your network uses a hub, your machine should be able to report
both the traffic to your machine and also the traffic to all other
machines on your network.
The problem with hubs is that they reduce capacity since each
station must pick their packets out of a lot of irrelevant traffic
for other stations. Today, it is more normal to build networks
switches and routers. You can refer to your textbook for a
description of the differences in these devices. However, the
simple explanation is that they work to insure that each station
only sees the traffic that it needs to see. It is likely that your
network’s central unit is a switch or a router. If this is the case,
your computer (and Wireshark) will be able to see traffic that is
addressed to/from your computer and broadcast traffic for all
computers on the network, but you will not be able to see