Ethernet Data Traffic hidden from Wireshark capture

1

I have a puzzle I am not able to figure out; I would appreciate any help.

I am connected to a remote desktop using the Windows default remote desktop utility (Windows 8 locally, Windows 7 remotely).

The remote desktop is not in the same sub-network as my own.

The connection is made through the default port 3389. Using Wireshark locally, I can confirm the TCP connection being established and the data flow.

Running Wireshark in the remote desktop, I don't see any flow of data between the two computers.

If I send an ICMP ping from the remote desktop to my computer, it works well and I can see it in Wireshark both remotely and locally. But if I send the ICMP ping from my computer to the remote desktop, it fails. I see it leaving my computer through Wireshark, but it never reaches the remote desktop (I don't see it in Wireshark).

I don't think it is a firewall issue (especially since it can't explain why Wireshark won't capture the port 3389 RPC flow).

Does anyone have any idea of what might be going on?

Rafael Dazcal

Posted 2014-11-18T09:01:47.623

Reputation: 111

Answers

0

I found the main issue.

In Wireshark, it turns out it is possible to configure the capture interface with a filter.

To change it, go to: Capture->Interfaces

On the interface being used, stop capturing to enable the Options; there it is possible to configure a capture filter.

Rafael Dazcal

Posted 2014-11-18T09:01:47.623

Reputation: 111