![]() Just pick a packet in the packet list pane that involves traffic between the two systems whose conversation you’d like to view, right-click that packet, and choose “Conversation filter.” You’ll typically have several choices here for example, “Ethernet” will create a filter using MAC addresses of the two systems “IP” will create a filter using IP addresses and “TCP” will create one using both IP addresses and port numbers. Now of course you could manually type in a filter that would do this, such as “(ip.addr eq 10.10.1.50 and ip.addr eq 74.125.65.100) and (tcp.port eq 60479 and tcp.port eq 80)” for example. ![]() Last post we discussed filtering packets in Wireshark to restrict the displayed packets according to specified criteria, such as “tcp.port = 3389” to view Remote Desktop Protocol traffic, “tcp.port = 80” to view Web traffic, and “LDAP” to view Active Directory traffic.Īnother way to zero in on traffic of interest is to view a “conversation” between two specific systems.
0 Comments
Leave a Reply. |