From: CAREY SCHUG via Talk <talk@lists.gtalug.org>
this is just my home. one router to Comcast, one local node. I assumed wireshark would use promiscuous mode and record everything that went to/from comcast, no?
This is not particularly clear.

Is the router actually the box provided by Comcast? That would likely be a combination of
- a modem to decode cable signal into ethernet
- a router, including NAT, a packet filter
- an ethernet (wired) switch
- an AP (for WiFi)

Is this correct? What is the model?

"one local node" implies to me that you only have one computer but that seems to contradict other messages which suggest you want your Linux machine to monitor your Windows machine.

I'm guessing that the first thing to do is figure out what machine is generating the traffic. That probably doesn't require wireshark. There are lots of tools to do that (some for Linux, some for Windows). There might even be one in your Comcast router.

If malware is involved, it could be hiding the traffic. If so, you need to measure the traffic on another machine that is party to it. That would be the Comcast box unless you add some hardware.