Capture TCP communication on a specific port using wireshark

networking tcp tcpip wireshark
6,382

Solution 1

Well, you can always (asuming you have a Linux box) tcpdump traffic. For example: 

tcpdump -i eth0 net 202.168.66.1 'port 9999' -s 65535 -w dump.pcap

Assuming your interface is eth0 that you are listening on.

Start the client, send/receive messages, and then just open that dump.pcap file with Wireshark to see the communication.

Solution 2

Are you using the IP address to connect, or localhost / host name? In that case I guess it could resolve it to the internal IP address (like 127.0.0.1) and the traffic would never be put on a physical interface, and thus not seen by Wireshark.

If the traffic was there, your filter seems like it should pick it up.

Share:
6,382

Related videos on Youtube

Dakait
Author by

Dakait

cutting around the tech corners since 2010...

Updated on September 18, 2022

Comments

  • Dakait
    Dakait over 1 year

    I have build a simple TCP server which listens on port 9999, and it has IP address 202.168.66.1. I have a TCP client which has the same IP address and connects to the server on the said port.

    Now when I start up the server and open Wireshark with display filter tcp.port==9999 and start the client and send/receive a message nothing get displayed in the capture window in Wireshark...

    What am I doing wrong here?

    I'm using Windows 7.

    • HABO
      HABO almost 11 years
      Are the client and server running on the same system?
    • Dakait
      Dakait almost 11 years
      yup they are both on the same sys
    • HABO
      HABO almost 11 years
      Wireshark can capture traffic that goes in and out of a system, but traffic that never leaves the box can be a problem. If you can separate the client and server, or force the network traffic to run through a gateway or router, then Wireshark should see it.
  • Dakait
    Dakait almost 11 years
    +1 for the info but im using windows machine
  • Admin
    Admin almost 11 years
    Then you can use WinDump (which is tcpdump ported to Windows, so most of the options are the same, although finding the right interface for the -i flag is more effort) or Wireshark (which also works on various UN*Xes, as does tcpdump) or Microsoft Network Monitor or any of a number of other packet analyzers.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

TCP Handshake error: SYN and SYN/ACK packets are not recognised
TCP Server sends [ACK] followed by [PSH,ACK]
what does this wireshark info refer to
Why am I getting "No route to host"?
TCP Dup ACK/Retransmission, bad configuration?
Send TCP with incorrect checksums
What does this UDP Packet mean?
TCP header option: SACK-permitted (Selective Acknowledgments) negotiation
Wireshark - How do i filter the TCP[RST] packet?
TCP segment of a reassembled PDU