Capture TCP communication on a specific port using Wireshark


I have built a simple TCP server which listens on port 9999, and it has IP address 202.168.66.1. I have a TCP client which has the same IP address and connects to the server on the said port.

Now when I start up the server, open Wireshark with the display filter tcp.port==9999, start the client and send/receive a message, nothing gets displayed in the capture window in Wireshark...

What am I doing wrong here?

I'm using Windows 7.

Dakait

Posted 2013-05-29T10:57:52.680

Reputation: 121

Are the client and server running on the same system? – HABO – 2013-05-29T12:10:38.587

Yup, they are both on the same system. – Dakait – 2013-05-30T03:58:34.180

Wireshark can capture traffic that goes in and out of a system, but traffic that never leaves the box can be a problem. If you can separate the client and server, or force the network traffic to run through a gateway or router, then Wireshark should see it. – HABO – 2013-05-30T13:21:49.277

I'm gonna do that now... – Dakait – 2013-05-30T22:21:10.017

Answers


Well, you can always (assuming you have a Linux box) tcpdump the traffic. For example (options go before the filter expression, otherwise tcpdump reads -s and -w as part of the filter):

tcpdump -i eth0 -s 65535 -w dump.pcap net 202.168.66.1 and port 9999

Assuming eth0 is the interface you are listening on.

Start the client, send/receive messages, and then just open that dump.pcap file with Wireshark to see the communication.

mirkobrankovic

Posted 2013-05-29T10:57:52.680

Reputation: 936

+1 for the info, but I'm using a Windows machine. – Dakait – 2013-05-30T03:59:38.217

Then you can use WinDump (which is tcpdump ported to Windows, so most of the options are the same, although finding the right interface for the -i flag is more effort) or Wireshark (which also works on various UN*Xes, as does tcpdump) or Microsoft Network Monitor or any of a number of other packet analyzers.

– None – 2013-05-30T05:47:19.447
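Whichever tool writes the capture, it is worth confirming that dump.pcap actually contains the port-9999 conversation before hunting for it in Wireshark. The following is an added example, not code from this thread: a small classic-pcap reader in Python that lists TCP packets touching a given port, and it handles both a normal Ethernet capture and the 4-byte NULL link type that BSD-style loopback captures use (Linux's lo is recorded as Ethernet). It assumes classic pcap (not pcapng) and IPv4; the packets it builds are constructed test data, not a real capture.

```python
import struct

LINKTYPE_NULL = 0      # BSD-style loopback capture: 4-byte address-family header
LINKTYPE_ETHERNET = 1  # ordinary NIC capture: 14-byte Ethernet header

def ipv4_tcp_packet(src, dst, sport, dport, payload=b""):
    """Build a minimal IPv4+TCP packet (constructed test data; checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + tcp

def link_frame(linktype, ip_packet):
    """Prepend the link-layer header tcpdump/WinDump would have recorded."""
    if linktype == LINKTYPE_ETHERNET:
        return b"\x00" * 12 + b"\x08\x00" + ip_packet   # zero MACs, EtherType IPv4
    return struct.pack("<I", 2) + ip_packet             # AF_INET in the NULL header

def pcap_bytes(linktype, frames):
    """Wrap link-layer frames in a classic little-endian pcap file, as -w writes it."""
    out = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, linktype)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f  # ts_sec, ts_usec, caplen, len
    return out

def tcp_packets_on_port(data, port):
    """Return (src, sport, dst, dport, payload_len) for each TCP packet touching port."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}[data[:4]]  # magic
    linktype, = struct.unpack(endian + "I", data[20:24])
    hdr_len = {LINKTYPE_ETHERNET: 14, LINKTYPE_NULL: 4}[linktype]
    pos, hits = 24, []
    while pos + 16 <= len(data):
        caplen, = struct.unpack(endian + "I", data[pos + 8:pos + 12])
        frame = data[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen
        if linktype == LINKTYPE_ETHERNET and frame[12:14] != b"\x08\x00":
            continue                                    # not an IPv4 frame
        ip = frame[hdr_len:]
        if len(ip) < 40 or ip[0] >> 4 != 4 or ip[9] != 6:
            continue                                    # not IPv4/TCP (or truncated)
        ihl = (ip[0] & 0x0F) * 4
        total_len, = struct.unpack("!H", ip[2:4])
        tcp = ip[ihl:total_len]
        sport, dport = struct.unpack("!HH", tcp[:4])
        if port in (sport, dport):
            doff = (tcp[12] >> 4) * 4                   # TCP header length incl. options
            src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
            hits.append((src, sport, dst, dport, len(tcp) - doff))
    return hits
```

To check a real file, read it with `open("dump.pcap", "rb").read()` and pass the bytes to `tcp_packets_on_port(data, 9999)`; an empty list means the capture never saw the conversation, which on a single host usually points at capturing the wrong interface.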


Are you using the IP address to connect, or localhost / host name? In that case I guess it could resolve it to the internal IP address (like 127.0.0.1) and the traffic would never be put on a physical interface, and thus not seen by Wireshark.

If the traffic was there, your filter seems like it should pick it up.

Rune Jacobsen

Posted 2013-05-29T10:57:52.680

Reputation: 243