It is entirely possible to install Wireshark on both the client and the server, and then capture packets. However, in an enterprise environment, this is not practical. A switch port can be configured to capture packets being transmitted on another switch port.

Let's say you have a client PC connected to interface GE1 on your switch, and a server connected to interface GE2.

In this example, your Wireshark machine can be connected to GE3, and then GE3 can be configured to mirror GE1 or GE2.

Every switch is different, so you will need to consult your switch documentation to understand how to configure port mirroring on your switch. However, there will always be some similarities between switches. When configuring port mirroring, you will always need to configure a source port and destination port. In this example, GE1 could be selected as the source port and GE3 as the destination port.

There should also be an option to select Tx only, Rx only, or Tx and Rx. Typically Tx and Rx would be ideal, so that you can see the traffic coming in and out.

• Tx = Send (transmit)
• Rx = Receive
• Tx and Rx = send and receive

If using Cisco IOS:

1. In IOS, type enable and press enter
2. Type configure terminal and press enter
3. Select the source interface to monitor: Type monitor session x source interface ge x/x and press enter
4. Select the destination interface to monitor: Type monitor session x source interface ge x/x and press enter
   • Replace "x" with a unique session number between 1 and 66.
   • Replace "x/x" with the port number (example: 0/1)
5. Type exit and press enter

Use the show users to verify that the user has been added.

The reload command can be used to return the router or switch to the configuration it had before any changes were made.

To ensure these changes remain saved if the router or switch is restarted, save the changes to the startup-config. Type copy running-config startup-config and press enter. This saves to NVRAM. To ensure the startup-config contains the new user, use the show startup-config command. It is also possible to save the changes to flash using the copy startup-config flash command. Then use the show flash command, and the startup-config file should be listed.

Wireshark can now be used on the PC connected to GE3 to capture packets going in and out of GE1.