thatguy wrote: Does wireshark read packets before they reach the kernel/iptables?
Yes.
thatguy wrote: I had iptables set up to block everything, yet wireshark continued to get up to several hundred packets per second, mostly ARP broadcast from the lan.
Expected behaviour.
I've got wireshark set up on a monitoring machine to monitor our office's internet traffic (approx 40 machines). However, whenever I start wireshark, within about 30-40 seconds it has crashed - I think due to the large volume of packets being received, around 10,000+ per second. Is there any way to solve this?
Capture interfaces show:
eth0 - with IP - shows packets sent and received
wmaster0 - unknown - no packets shown
wlan0 - unknown - no packets shown
bluetooth - unknown - shows packets sent and received
any - unknown - shows packets sent and received
io - with IP - no packets shown.
I am running three VMs connected over a virtual switch. I configured the vSwitch to forward all traffic from the server VM to both output ports where the other two VMs are connected. Thus the server VM sends traffic to the two others. I ran wireshark on all devices and observed that one of the VMs is dropping some TCP packets. So, the number of packets received on the two VMs is not the same.
Presently I blocked youtube by adding the following lines in squid proxy.
acl sites dstdomain .youtube.com
http_access deny sites
So the users can't access youtube. This access list blocked youtube sites.
But I have to allow some videos on youtube so that users can see them.