Networking : Packet Tracing

Use Wireshark for network packet tracing and analysis.

- Official Wireshark Website
- Download from here
- Wireshark Wiki
- Wireshark Display Filters

Some Display Filter Rules

To show only SMTP (port 25) and ICMP traffic:

tcp.port eq 25 or icmp

Show only traffic in the LAN (192.168.x.x), between workstations and servers – no Internet:

ip.src== and ip.dst==

To match an address in either the IP source or the IP destination field:

ip.addr ==

To show packets containing specific text:

tcp contains "SEARCH-TEXT" or udp contains "SEARCH-TEXT"

Running on Mac OS X

To run Wireshark on Mac OS X without root, your user needs read/write permission on the /dev/bpf* device files. To fix the permissions, do the following:

sudo chgrp admin /dev/bpf*
sudo chmod g+rw /dev/bpf*
sudo chown michaelc:admin /dev/bpf*

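where michaelc is your current username. Run whoami to see what it is. The change does not survive a reboot, because the /dev/bpf* devices are recreated at boot; the ChmodBPF startup item reapplies it.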
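
To confirm that the permission change took effect and is no broader than intended, the following check classifies each BPF device by its mode bits. It is an added example, not part of the original guide; the glob argument and the temporary stand-in files are assumptions made so that it runs on any system.

```shell
#!/bin/sh
# Added example (not from the original page): audit BPF device permissions.
# The glob argument is an assumption added so the check can run on
# constructed files; with no argument it inspects /dev/bpf*.

# One line per device: "<verdict> <mode> gid=<gid> <path>".
#   OK            group has rw, others have no access
#   NO_GROUP_RW   group members cannot capture without sudo
#   WORLD_ACCESS  any local user can open the device
# Returns 0 only if every device is OK, 1 otherwise, 2 if none exist.
audit_bpf_perms() {
    glob=${1:-/dev/bpf*}
    rc=0
    for dev in $glob; do
        [ -e "$dev" ] || { echo "no devices match $glob" >&2; return 2; }
        # Fields 1 and 4 of `ls -ln` are the mode string and numeric gid
        # on both BSD (macOS) and GNU ls.
        set -- $(ls -lnd "$dev")
        mode=$1 gid=$4
        case $mode in
            ???????---*)                 # others: no access
                case $mode in
                    ????rw*) verdict=OK ;;
                    *)       verdict=NO_GROUP_RW; rc=1 ;;
                esac ;;
            *) verdict=WORLD_ACCESS; rc=1 ;;
        esac
        echo "$verdict $mode gid=$gid $dev"
    done
    return $rc
}

# Constructed sample: regular files standing in for BPF devices.
demo_dir=$(mktemp -d)
touch "$demo_dir/bpf0" "$demo_dir/bpf1" "$demo_dir/bpf2"
chmod 660 "$demo_dir/bpf0"   # what chmod g+rw is meant to produce
chmod 600 "$demo_dir/bpf1"   # owner only: group was never granted access
chmod 666 "$demo_dir/bpf2"   # over-permissive: every local user can sniff
audit_bpf_perms "$demo_dir/bpf*" || echo "audit found problems"
```

On a real Mac, call `audit_bpf_perms` with no argument after a reboot to see whether the startup item reapplied the group permissions.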

Installing ChmodBPF

cd /Library/StartupItems
sudo chown -R root:wheel ChmodBPF
guides/networking/packet_tracing.txt · Last modified: 2011/01/30 13:59 by michaelc