This is a really quick and convenient way to view only the traffic going between two specific systems.Īnother right-click option in the packet list pane that I find handy is “Follow TCP stream.” This not only sets up a filter that displays only packets in the TCP stream you’ve selected, but it opens a new window showing the packet data as stream content, color-coded and in chronological order. Just pick a packet in the packet list pane that involves traffic between the two systems whose conversation you’d like to view, right-click that packet, and choose “Conversation filter.” You’ll typically have several choices here for example, “Ethernet” will create a filter using MAC addresses of the two systems “IP” will create a filter using IP addresses and “TCP” will create one using both IP addresses and port numbers. Now of course you could manually type in a filter that would do this, such as “(ip.addr eq 10.10.1.50 and ip.addr eq 74.125.65.100) and (tcp.port eq 60479 and tcp.port eq 80)” for example. Last post we discussed filtering packets in Wireshark to restrict the displayed packets according to specified criteria, such as “tcp.port = 3389” to view Remote Desktop Protocol traffic, “tcp.port = 80” to view Web traffic, and “LDAP” to view Active Directory traffic.Īnother way to zero in on traffic of interest is to view a “conversation” between two specific systems.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |