
Networking : Packet Tracing

Use Wireshark for network packet tracing and analysis.

http://www.wireshark.org/ - Official Wireshark Website - Download from here

http://wiki.wireshark.org - Wireshark Wiki

http://wiki.wireshark.org/DisplayFilters?highlight=%28filter%29 - Wireshark Display Filters

Some Display Filter Rules

To show only SMTP (port 25) and ICMP traffic:

tcp.port eq 25 or icmp

Show only traffic in the LAN (192.168.x.x), between workstations and servers – no Internet:

ip.src==192.168.0.0/16 and ip.dst==192.168.0.0/16

Match against both the IP source and destination fields (shows packets where either address is 10.43.54.65):

ip.addr == 10.43.54.65

To show packets containing specific text:

tcp contains "SEARCH-TEXT" or udp contains "SEARCH-TEXT"
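To make the semantics of the four filters above concrete, here is an added Python model (not part of this wiki page or of Wireshark) that evaluates each rule over a few constructed packet records. The field names mirror Wireshark's; the `payload` key, the packet list and the `apply` helper are assumptions of this example, and `contains` is simplified to the payload rather than the whole TCP/UDP layer.

```python
import ipaddress

# Constructed sample packets (not real captures). Each dict mimics the
# Wireshark fields the display filters on this page reference.
PACKETS = [
    {"ip.src": "192.168.1.10", "ip.dst": "192.168.1.20",
     "tcp.port": (51000, 25), "payload": b"MAIL FROM:<a@example.com>"},
    {"ip.src": "192.168.1.10", "ip.dst": "8.8.8.8", "icmp": True},
    {"ip.src": "10.43.54.65", "ip.dst": "192.168.1.10",
     "tcp.port": (443, 52000), "payload": b"..."},
    {"ip.src": "192.168.1.10", "ip.dst": "10.43.54.65",
     "udp.port": (5353, 5353), "payload": b"SEARCH-TEXT here"},
]

def smtp_or_icmp(pkt):
    """tcp.port eq 25 or icmp  (tcp.port matches either port)"""
    return 25 in pkt.get("tcp.port", ()) or pkt.get("icmp", False)

def lan_only(pkt, net="192.168.0.0/16"):
    """ip.src==net and ip.dst==net  (CIDR match on both ends)"""
    n = ipaddress.ip_network(net)
    return (ipaddress.ip_address(pkt["ip.src"]) in n
            and ipaddress.ip_address(pkt["ip.dst"]) in n)

def ip_addr_eq(pkt, addr):
    """ip.addr == addr  (true when SOURCE or DESTINATION matches)"""
    return addr in (pkt["ip.src"], pkt["ip.dst"])

def contains_text(pkt, text):
    """tcp contains "text" or udp contains "text"  (byte match, case-sensitive)"""
    if "tcp.port" not in pkt and "udp.port" not in pkt:
        return False
    return text.encode() in pkt.get("payload", b"")

def apply(filter_fn, packets=PACKETS, **kw):
    """Return the indices of packets the filter would display."""
    return [i for i, p in enumerate(packets) if filter_fn(p, **kw)]

if __name__ == "__main__":
    print("SMTP or ICMP:", apply(smtp_or_icmp))
    print("LAN only:", apply(lan_only))
    print("ip.addr == 10.43.54.65:", apply(ip_addr_eq, addr="10.43.54.65"))
    print('contains "SEARCH-TEXT":', apply(contains_text, text="SEARCH-TEXT"))
```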

Running on Mac OS X

To capture with Wireshark on Mac OS X your user needs read/write permission on the /dev/bpf* device files. To fix the permissions, run the following:

sudo chgrp admin /dev/bpf*
sudo chmod g+rw /dev/bpf*
sudo chown michaelc:admin /dev/bpf*

where michaelc is your current username; run whoami to see what it is. Note that /dev/bpf* is recreated at boot, so these permissions do not persist; the ChmodBPF startup item below reapplies them.

Installing ChmodBPF

cd /Library/StartupItems
sudo chown -R root:wheel ChmodBPF
guides/networking/packet_tracing.txt · Last modified: 2011/01/30 13:59 by michaelc