What I need to see is the TCP messages sent to a port for a given IP. So for example
127.0.0.1:11000
How can I see all the TCP messages being sent to that port?
This has to work with Windows, either Windows 2003 or XP.
I have tried Wireshark, but I don't know the proper filter.
The solution does not have to be Wireshark, but the solution must cost nothing.
-
The Wireshark expression is ip.addr == 127.0.0.1 and tcp.port == 11000
Also, you could use Microsoft Network Monitor 3.3, which might look a little more familiar. The display (or capture -- syntax is the same) filter for that would be: TCP.DstPort == 11000 and Ipv4.Address == 127.0.0.1
From quadruplebucky -
The filter language for Wireshark is taken from tcpdump/pcap-filter. Please click on the link for a reference.
So, for example, to filter on all messages with destination 127.0.0.1:11000 you would use the following expression:
tcp port 11000 and dst host 127.0.0.1
PP: Note that there are two types of filters: capture filters and display filters. I've provided the capture filter (which limits what packets are captured). @quadruplebucky has provided a display filter which you could apply after capturing all packets.
charlesbridge: That filter should also work with windump, the Windows version of tcpdump.
From PP -
Wireshark traffic filters are explained here: http://www.wireshark.org/docs/wsug_html_chunked/ChCapCaptureFilterSection.html
Basically in your case, you need
tcp port 11000 and host localhost
From Dominik
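The filters in the answers above differ in direction: `ip.addr == 127.0.0.1 and tcp.port == 11000` and `tcp port 11000 and host localhost` match traffic both to and from port 11000, while a destination-qualified filter matches only what is sent to it. The following added example (not part of any answer on this page) reproduces both semantics over constructed packets; all function names and the sample traffic are hypothetical.

```python
import socket
import struct

def build_packet(src_ip, dst_ip, src_port, dst_port, payload=b""):
    """Build a minimal IPv4+TCP packet (constructed sample; checksums left 0)."""
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                      5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + tcp

def parse(packet):
    """Return (src_ip, dst_ip, src_port, dst_port), or None if not IPv4/TCP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or packet[9] != socket.IPPROTO_TCP or len(packet) < ihl + 4:
        return None
    src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            src_port, dst_port)

def either_direction(packet, ip="127.0.0.1", port=11000):
    """Same meaning as 'ip.addr == IP and tcp.port == PORT' (src or dst)."""
    f = parse(packet)
    return f is not None and ip in f[:2] and port in f[2:]

def to_destination(packet, ip="127.0.0.1", port=11000):
    """Same meaning as 'tcp dst port PORT and dst host IP' (sent to IP:PORT only)."""
    f = parse(packet)
    return f is not None and f[1] == ip and f[3] == port

# Constructed sample traffic: a request to the service, its reply, unrelated traffic.
SAMPLES = {
    "request": build_packet("127.0.0.1", "127.0.0.1", 50123, 11000, b"hello"),
    "reply": build_packet("127.0.0.1", "127.0.0.1", 11000, 50123, b"ok"),
    "other": build_packet("127.0.0.1", "127.0.0.1", 50124, 8080),
}

def matches(predicate):
    """Names of the sample packets that the given filter predicate accepts."""
    return sorted(name for name, pkt in SAMPLES.items() if predicate(pkt))

if __name__ == "__main__":
    print("either direction:", matches(either_direction))
    print("to destination: ", matches(to_destination))
```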