Just pick a packet in the packet list pane that involves traffic between the two systems whose conversation you’d like to view, right-click that packet, and choose “Conversation filter.” You’ll typically have several choices here for example, “Ethernet” will create a filter using MAC addresses of the two systems “IP” will create a filter using IP addresses and “TCP” will create one using both IP addresses and port numbers. Now of course you could manually type in a filter that would do this, such as “(ip.addr eq 10.10.1.50 and ip.addr eq 74.125.65.100) and (tcp.port eq 60479 and tcp.port eq 80)” for example. Last post we discussed filtering packets in Wireshark to restrict the displayed packets according to specified criteria, such as “tcp.port = 3389” to view Remote Desktop Protocol traffic, “tcp.port = 80” to view Web traffic, and “LDAP” to view Active Directory traffic.Īnother way to zero in on traffic of interest is to view a “conversation” between two specific systems.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |