

Introduction and Frequently Asked Questions

Configuration changes, monitoring, and troubleshooting are something a network administrator has to deal with often. Having a simple tool to use is invaluable! The goal of this article is to get more comfortable with the basics of packet captures as well as how to stream the packets to Wireshark.

First things first, Wireshark is a free, open-source packet analyzer for anyone looking to troubleshoot their network. Wireshark provides many options for the capture as well as for sorting and filtering traffic by several different parameters. If you are not familiar with this process, let us answer some questions you might have already.

What is a packet capture?

A packet capture, commonly saved as a PCAP file, is a recording of the packets seen on a network interface, and it is a tool that can be very helpful in troubleshooting. Head to Wireshark for details on this open-source option.

Every application using TCP/IP to communicate across a network will be using ports, so that the network stack knows where to deliver segments to (I like to call it an application address). Clients connecting to a server application on a specific port will be dynamically allocated a port number from a dynamic range. Given that you are using Wireshark, your port numbers aren't automatically resolved to an application name, so you will need to do a little more to refine the information you are looking for.

So you first need to find out what TCP/UDP connections your application has open:

netstat -b

at the command line will give you a list of connections with the name of the executable that created the connection. Each executable has one or more connections listed as 127.0.0.1:xxxxx, where xxxxx is the local port number for the connection.

Now in Wireshark, you need to tell it to display packets that originated from or are destined to that port by using one or more of these filters:

Add an additional or tcp.port = xxxxx for each connection you want to show.

This will allow you to see all the traffic for the connections your application has open, and Wireshark will include not just raw TCP/UDP segments but also the various application layer protocols (e.g. …).

If your application appears to be communicating with just one server, you could just use the IP address of that server to filter by: ip.addr = x.x.x.x
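The procedure above (run netstat -b, read off the local ports belonging to one executable, then chain them into a Wireshark display filter) is easy to get wrong by hand once an application has a dozen connections. The script below is an added example, not code from the page or from the answer's author: it parses the Windows netstat -b layout, where each connection line is followed by the owning executable in square brackets (a layout I am assuming; the sample output embedded in the script is constructed, not captured from a real host), and builds the filter. Note that Wireshark display filters compare with two equals signs, so the generated clauses use tcp.port == N; the single_server_filter helper reproduces the shortcut of filtering on the one remote IP address instead.

```python
"""Build a Wireshark display filter for one executable from `netstat -b` output.

Added example, not part of the original page. Assumes the Windows `netstat -b`
layout (each connection line is followed by the owning executable in square
brackets). SAMPLE_NETSTAT below is constructed sample output, not a real capture.
"""
import re
from collections import namedtuple

Connection = namedtuple(
    "Connection", "proto local_host local_port remote_host remote_port exe")

# Constructed sample of `netstat -b` output (hypothetical hosts and ports).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:49702        127.0.0.1:49703        ESTABLISHED
 [firefox.exe]
  TCP    192.168.1.10:49810     93.184.216.34:443      ESTABLISHED
 [firefox.exe]
  TCP    192.168.1.10:49811     93.184.216.34:443      ESTABLISHED
 [firefox.exe]
  TCP    192.168.1.10:49900     140.82.112.3:22        ESTABLISHED
 [ssh.exe]
  UDP    0.0.0.0:5353           *:*
 [chrome.exe]
  UDP    [::]:5353              *:*
 [chrome.exe]
  TCP    [::1]:49950            [::1]:80               ESTABLISHED
 [python.exe]
"""

# A connection line: proto, local endpoint, foreign endpoint, optional state.
CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
# The owning executable, printed by netstat -b on the line after the connection.
EXE_RE = re.compile(r"^\s*\[(.+?)\]\s*$")


def split_endpoint(endpoint):
    """Split 'host:port' into (host, port). Handles '[::1]:80' and the '*:*' wildcard."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Return Connection records, attributing each connection to the exe that follows it."""
    pending, result = [], []
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            proto, local, remote, _state = m.groups()
            lh, lp = split_endpoint(local)
            rh, rp = split_endpoint(remote)
            pending.append((proto, lh, lp, rh, rp))
            continue
        if "Can not obtain ownership information" in line:
            pending = []  # netstat could not attribute these connections; drop them
            continue
        m = EXE_RE.match(line)
        if m:
            result.extend(Connection(*p, m.group(1)) for p in pending)
            pending = []
        # header lines and component DLL lines are ignored
    return result


def display_filter(connections, exe):
    """Wireshark display filter selecting every local port `exe` has open.

    One 'or' clause per distinct (protocol, port); Wireshark's equality operator is '=='.
    """
    ports = sorted({(c.proto.lower(), c.local_port)
                    for c in connections if c.exe == exe and c.local_port is not None})
    return " or ".join(f"{proto}.port == {port}" for proto, port in ports)


def single_server_filter(connections, exe):
    """If `exe` talks to exactly one non-loopback remote host, return the shorter
    address filter for it (ip.addr or ipv6.addr); otherwise None."""
    peers = {c.remote_host for c in connections
             if c.exe == exe and c.remote_host not in ("*", "127.0.0.1", "::1")}
    if len(peers) != 1:
        return None
    host = peers.pop()
    field = "ipv6.addr" if ":" in host else "ip.addr"
    return f"{field} == {host}"


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT)
    for name in sorted({c.exe for c in conns}):
        print(f"{name}: {display_filter(conns, name)}")
        if single_server_filter(conns, name):
            print(f"  or simply: {single_server_filter(conns, name)}")
```

Paste the printed string into Wireshark's display-filter bar. The port-based filter shows every conversation of that executable, including the loopback ones; the ip.addr form is shorter but only valid while the application really talks to a single server, which is why the helper refuses to emit it when it sees more than one peer.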
