I've used the cheap switches that mirror from Netgear, the current model is
the GS305e <https://www.netgear.com/business/wired/switches/plus/gs305e/>,
which I haven't actually used, or if you can get it, the older model the
GS105e which I've used a lot.  Make sure you get the "e" versions as they
make slightly cheaper unmanaged versions that won't mirror ports.  They
also have 8 port versions, but I prefer the smaller one to go into my
"Wireshark" bag of bits.

On Thu, 13 May 2021 at 01:54, Kurt Buff <kurt.b...@gmail.com> wrote:

> Others have mentioned switches or hubs for gathering the packets.
>
> Network Taps are another alternative, and many are available used (ebay)
> for relatively small prices.
>
> https://www.ebay.com/sch/i.html?_from=R40&_trksid=p2499334.m570.l1313&_nkw=network+tap&_sacat=58058
>
> Kurt
>
> On Wed, May 12, 2021 at 4:12 PM Ron W <ronw.m...@gmail.com> wrote:
>
>> I am trying to use WireShark to diagnose a network problem between a
>> Windows PC and a Linux-based controller (for a robot).
>>
>> The controller uses uboot and TFTP to download the Linux image from the
>> PC. Using the controller's serial port, I can see the messages output by
>> uboot and by Linux. The messages are as expected and the controller appears
>> to work correctly except after downloading Linux via TFTP, the PC
>> application is not able to communicate with the controller via TCP/IP.
>>
>> So, I connected an Ethernet switch between the PC and the controller and
>> also connected a laptop to the switch so I can monitor with WireShark.
>>
>> What I see in WireShark's capture log (see attached screen picture) would
>> have made sense, but the log is not showing the TFTP messages. So, to make
>> sure TFTP was actually working, I interrupted uboot before it started
>> downloading Linux. I then entered commands to have uboot download various
>> test files I created and inspect what was downloaded to make sure the
>> expected content was in the controller. As I did this, I continued to
>> monitor with WireShark. Still I did not see anything after the initial ARP
>> request from the controller, asking for the MAC corresponding to the IP
>> address of the PC. I did not even see an ARP reply from the PC.
>>
>> Since I'm not seeing the TFTP messages, nor the PC's ARP response, I have
>> to assume I configured WireShark incorrectly. Looking at my capture
>> selection and capture options (see attached screen pictures), I can't find
>> anything to explain not seeing the TFTP messages in the capture log.
>>
>> I even tried a fresh install of WireShark on another laptop that had
>> never had Wireshark on it. Same result: No TFTP message in the capture log.
>>
>> I have used WireShark successfully in the past. As best I can remember, I
>> set up WireShark the same as I have in the past.
>>
>> Still, I must be doing something wrong. Any advice on what I need to fix
>> in my WireShark settings?
>>
>> Thanks in advance
>>
>>

-- 
Graham Bloice
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-requ...@wireshark.org?subject=unsubscribe
