Sometimes, I use more than one capture location, for example at the client and the server, at the same time. It can either be put close to the client, or to the server, or somewhere in the network path between the two nodes. Usually, the first thing I do when you try to capture packets to solve a problem I determine the best location to set up your sniffer. And since that topic seems to become more and more popular I thought it would be a good idea to write a little how-to about it. Since I’m also a certified VMware instructor it happened more than once that another instructor teaching the Wireshark class asked me how to do this, and sometimes even pulled me into his own class to speak about capturing virtual machines for a few minutes. Later, when I was teaching Wireshark courses at Fast Lane, the topic of capturing the traffic of virtual machines came up every once in a while when I spoke about data capturing methodology in class. The VMware part was the biggest challenge of all, because we had to find a place where we could capture the traffic of three virtual machines running inside a DRS cluster, and we had to make sure we really didn’t miss anything coming or going to these servers.
One of the most complicated analysis jobs took two weeks to plan, and involved major headaches like SSL encrypted links, a load balancer, NAT devices and a huge VMware infrastructure. I bought all the recording hardware we used, acquired network TAPs of all sorts and speeds, and did most of the planning of where to put which engine. I have always been the guy in our network analysis team responsible for the actual capture of network packets.
0 kommentar(er)
