How to capture packets using Wireshark on SMB router or switch

Introduction

Packets capture and analysis are very important for us to troubleshoot when some problems occur such as the router can’t obtain IP from ISP, the client can’t receive multicast packets, etc. This document will introduce how to capture packets using Wireshark in SMB router or switch.

Prerequisites

1. Wireshark Software

Wireshark is available at https://www.wireshark.org. It’s a free and powerful sniffing and analyzing software.

2. PC with Ethernet port

Typical Packet Capturing Topology

Note: Connect PC to SMB router or switch directly.

Procedures

1. Download and install Wireshark on your PC.
2. Connect PC to the SMB router or switch directly.
3. Set Port Mirror for PC and the port you want to capture packets.

1. SMB router

Input the IP address to the address bar in the web browser and you will visit the GUI of the SMB router.

After logging into the page, go to Network-Switch-Mirror, enable Port Mirror, select the port connecting to your PC in the Mirroring Port and the port you want to capture packets in the Mirrored Port, click Save.

2. SMB switch

Input the IP address to the address bar in the web browser and you will visit the GUI of the SMB switch.

After logging into the page, go to MAINTENANCE-Mirroring, click Edit, select the port connecting to your PC in Destination Port Config and enable Ingress and Egress option in the port you want to capture packets in Source Interface Config, click Apply.

4. Run Wireshark, select the interface you connect to SMB router or switch.

Apply the display filter

Since the router/switch is forwarding packets constantly, we may need to apply some display filter to filter out the packets we are interested in.

For example,

IP address: ip.addr==192.168.0.1, 8.8.8.8, etc.

UDP port: udp.port==29810, 4500, etc.

TCP port: tcp.port==443, 53, etc.

Protocol: IGMP, DHCP, ISAKMP, etc.