The article CaptureSetup/Pipes describes how Wireshark can be configured to receive packets on a pipe.
Alternatively, if sFlow is already being used for network-wide visibility then obtaining an sFlow feed can be as simple as directing the sFlow analyzer to forward sFlow to Wireshark. The first step is to configure the network switches to monitor selected links and send sFlow to the host that will be used for packet analysis - configuration instructions for most switch vendors are available on this blog. For background, the article Packet capture describes some of the reasons why the multi-vendor sFlow standard should be considered as an option for packet capture, particularly in high-speed, switched Ethernet, environments.
This article will demonstrate how Wireshark can be used with sFlow to remotely capture traffic. Wireshark (previously called Ethereal) is a popular, free, open source protocol analyzer.
0 kommentar(er)
