Comments on: Remote Packet Capture with WireShark and WinPCAP https://blog.michaelfmcnamara.com/2010/09/remote-packet-capture-with-wireshark-and-winpcap/ technology, networking, virtualization and IP telephony Tue, 07 Sep 2010 21:13:45 +0000 hourly 1 https://wordpress.org/?v=6.6.2 By: Michael McNamara https://blog.michaelfmcnamara.com/2010/09/remote-packet-capture-with-wireshark-and-winpcap/comment-page-1/#comment-2624 Tue, 07 Sep 2010 21:13:45 +0000 http://blog.michaelfmcnamara.com/?p=1619#comment-2624 In reply to Gabe.

Hi Gabe,

I also have multiple (licensed) copies of OmniPeek from Wildpackets but I often switch between OmniPeek and WireShark depending on the type of problem and the specfiic protocol that I’m trying to decode. I knew that RPCAP was out there and the folks from WinPACP were working on it (experimental) but I didn’t realize it was so easy to setup, configuration and get going.

The Nortel/Avaya remote port mirroring works quite well… it just encapsulates the frames and switches them across the network to a destination port. The origination and destination need to be ERS 8600 switches and then the middle points just need to bridge the VLAN which will carry the encapsulated frames. There’s a little configuration to it but it’s still pretty easy.

Cheers!

]]> By: Gabe https://blog.michaelfmcnamara.com/2010/09/remote-packet-capture-with-wireshark-and-winpcap/comment-page-1/#comment-2618 Tue, 07 Sep 2010 16:26:38 +0000 http://blog.michaelfmcnamara.com/?p=1619#comment-2618 WireShark has been in my tool kit for years. However, I did not know they had a remote packet capture. I am looking forward to using this in the future troubleshooting.

I attempted to work with Nortel’s Remote Port Mirroring, but did not have any luck in the past. We ended up using local port mirroring with the Dolch box. When I have some free time, I will follow your Remote Port Mirroring guide.

]]>