0

From where does Wireshark get the traffic? Where does it reside?

It's awesome. But I would like to know where Wireshark gets the info about the packets running through the network. I mean... where does it reside? We install it on our system, but it could catch the packets in the whole network... So excited to know more about the working of this really awesome tool... I would like to know the working of Wireshark in more detail.

1
Keerthi
asked 2019-08-08 16:44:14 +0000

2 Answers

1

Wireshark gets the raw octets in the packets on a network from a network adapter (NIC) connected to that network, just as the networking stack on your machine (the software that implements TCP/IP) does. If a NIC on your machine didn't receive those packets, your machine wouldn't be able to communicate on the network to which that NIC is connected.

If you want to know how a NIC receives packets, you'll have to look up how that type of NIC works; that's not a Wireshark issue - Wireshark's just a user of the NIC.

If it's getting traffic that's not explicitly being sent to your machine and neither being broadcast nor multicast, the NIC is probably in promiscuous mode or monitor mode.

19.9k
Guy Harris
answered 2019-08-08 17:43:45 +0000
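
The filtering described in the answer above, as an added example that is not part of the original answer or of Wireshark's code: a Python model of the destination-address check an Ethernet NIC applies before the host, and therefore a capture tool, sees a frame. The MAC addresses, frames and helper names are constructed for illustration, and exact multicast filtering is assumed; monitor mode on wireless adapters is not modelled.

```python
# Added illustration: models which Ethernet frames a NIC hands to the host.
# All addresses and frames below are constructed sample values.

BROADCAST = bytes.fromhex("ffffffffffff")

def mac(text):
    """Parse 'aa:bb:cc:dd:ee:ff' into 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return raw

def build_frame(dst, src, ethertype=0x0800, payload=b""):
    """Build a minimal Ethernet II frame (hypothetical helper for the demo)."""
    return mac(dst) + mac(src) + ethertype.to_bytes(2, "big") + payload

def classify(frame, nic_mac, joined_groups=()):
    """Classify a frame by its destination address relative to this NIC."""
    if len(frame) < 14:                  # dst(6) + src(6) + ethertype(2)
        raise ValueError("truncated Ethernet header")
    dst = frame[:6]
    if dst == nic_mac:
        return "unicast-to-us"
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:                    # group bit set: multicast address
        # Assumption: exact filtering; real NICs often use coarser hash filters.
        return "multicast-joined" if dst in joined_groups else "multicast-other"
    return "unicast-to-other"

def visible(frame, nic_mac, joined_groups=(), promiscuous=False):
    """True if the NIC would pass the frame up to the host's capture path."""
    kind = classify(frame, nic_mac, joined_groups)
    return promiscuous or kind in ("unicast-to-us", "broadcast", "multicast-joined")

if __name__ == "__main__":
    nic = mac("02:00:00:00:00:01")
    peer = "02:00:00:00:00:02"
    samples = {
        "to us": build_frame("02:00:00:00:00:01", peer),
        "to another host": build_frame("02:00:00:00:00:03", peer),
        "broadcast": build_frame("ff:ff:ff:ff:ff:ff", peer, 0x0806),
        "unjoined multicast": build_frame("01:00:5e:00:00:fb", peer),
    }
    for name, frm in samples.items():
        print(f"{name:20} {classify(frm, nic):18} "
              f"normal={visible(frm, nic)} "
              f"promiscuous={visible(frm, nic, promiscuous=True)}")
```

On switched Ethernet the switch usually forwards a unicast frame only to the port of its destination, so promiscuous mode alone exposes little traffic meant for other hosts.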

0

You seem to have a few basic questions. Have you read the Wireshark User's Guide? There's lots of helpful info there.

23.8k
grahamb
answered 2019-08-08 16:58:51 +0000

Comments

Yes. I read the starting pages of that. But I couldn't find where it resides. Sitting in our system, how could it get the packets running throughout the network even if it is public? I am wondering.

Keerthi (2019-08-08 17:26:28 +0000)

Wireshark, in general, captures the traffic that passes the Network Interface Cards (NICs) on the host on which Wireshark is running. Those NICs are in turn connected to a physical network, usually switched Ethernet.

grahamb (2019-08-08 17:38:37 +0000)