Ip.src = 192.168.0.1 Filter by destination: display traffic only form IP destination Ip.addr = 192.168.1.1 Filter by source address: display traffic only from IP source
Filter by IP address: displays all traffic from IP, be it source or destination Bellow is a list of the most common type of filtering. The filtering capabilities are very powerful and complex, there are so many fields, operators and options and their combination becomes overwhelming. Fortunately, wireshark has display filters so that we can search for specific traffic or filter out unwanted traffic, so that our task becomes easier. I don't know enough about ShoreTel to figure this thing out and I'm asking if anyone has any ideas that could lead me in the right direction.Wireshark takes so much information when taking a packet capture that it can be difficult to find the information needed. The reason we are doing this is because we have recently rebuilt our CallCopy server, which was reading the traffic before but isn't anymore. Other than that I could not read the voice traffic after I've established a connection with the MGC server. Another thing that I've done is segregate the IP phone (ShoreTel 230) with a small switch and a laptop monitoring traffic on that small switch the only traffic I was able to see were the arp requests and DHCP traffic for that phone. I've tried using different computers to run wireshark on the same port, and also monitoring a different port on a different switch.
I've setup a mirror port on our switch, and set the ports connected to the ShoreTel hardware to be monitored and still I can't see RTP traffic. I'm not sure what I'm doing wrong, but I am unable to see the ShoreTel traffic with wireshark.
0 kommentar(er)
