Ok, I did not understand your previous reply well
waiting for 0.99.7 then...
- Original message
From: Gerald Combs <[EMAIL PROTECTED]>
To: Community support list for Wireshark
Sent: Friday, 16 November 2007, 17:15:47
Subject: Re: [Wireshark-users] Re : Re : files permissions w
Another possibility that you might want to look into is invalid settings
for subnet mask/default gateway on the pc's or switches involved, as well
as if somebody did something very strange like creating static arp entries
on the pc or the switch that may have used to be correct but aren't
anymore.
On Fri, Nov 16, 2007 at 07:54:53AM -0500, bmcmanus wrote:
>
> There was no port mirroring active on the new switch. This is a
> flat class B network (Note: we are working to correct
> that).
How many hosts on that flat network? I'm sure you're not using the
whole B-net?
> My monitoring PC addr
Patrick ANAT wrote:
> For the second solution with version 0.99.7, there is still a problem:
> the ownership of the calling process of dumpcap will be "root" since
> wireshark is launched with "sudo wireshark". Then the file will still be
> owned by root. Maybe a solution will be to only use "sudo"
Some L3 switches flood the traffic from new flows until they are 'learned'.
It greatly improves throughput during flow / session setup in a large switch
that may be CPU-bound, but you generally shouldn't see more than the first
dozen or so frames; once the flow is set up, traffic should be unicast.
setuid for directory doesn't work on GNU Linux System (works on FreeBSD).
setgid works but if the file permission is 600, the group still can't do
anything
For the second solution with version 0.99.7, there is still a problem: the
ownership of the calling process of dumpcap will be "root" since
I recently installed a new managed switch at a Customer location. Initially,
the only connections to the new switch
were two local PCs, my monitoring PC, and the link to the Customer's network.
I noticed what seemed to be excessive
traffic on the network (lots of blinky lights), so I turned on
On Thu, Nov 15, 2007 at 05:49:57PM -0800, Trevor Tolk wrote:
> capture filter:
>
> host 65.98.143.227
Could it be that the frames coming from the mirrored port are
vlan-tagged (if so, they have a [802.1q] header in the packet
detail pane).
If they are, you must use the capture filter "vlan and