How to filter the packets from specific host name and port on wireshark. I'm looking for the syntax to do a capture filter on WireShark, by capturing the traffic on several (specific) IP addresses.
You can use this capture filter:
host 192.168.1.2 or 192.168.1.3 or 192.168.1.4
Type this command in capture->option->capture filter
Related
In Go one can send UDP packets using net.Addr interface to specify the target endpoint. Some special addresses, e.g. :8080 and 0.0.0.0, sends packets using local loopback interface. When received, still on the same host, the message's net.Addr shows [::1]:8080 as source. What is the the easiest way to determine that the packet was sent and received by the same host?
Here's an example in the Go Playground. It shows 0.0.0.0:8080 (ipv4) instead of [::1]:8080.
I ended up using net.Dial("udp", addr) and eminently closing the connection. Dial also resolves hostnames, which I also needed.
Would be nice to avoid creating a socket, but Dial works for now.
:8080 is not an address, it is a port number, typically used when testing your own http websites on Windows because on Windows you cannot easily use port 80, the actual http port.
This will only use the loopback interface if you use localhost as the IP address.
The localhost address for IPv4 is 127.0.0.1 and for IPv6 it is ::1. The address 0.0.0.0 is usually used as a placeholder address to indicate, for example, listening on all IP addresses, see this question.
As mentioned in the comment, you can use net.IP.Equal to check if your peer is localhost. Just compare your address in question to 127.0.0.1 or to ::1, the net.IP.Equal function considers them equal.
I want to get the port number and ip address of a server
For ip address i can
ping the xyz.com and to get the ip address resolved.
but how do i include the port number
From this Serverfault answer:
You can't ping ports, as Ping is using ICMP which doesn't have the
concept of ports. Ports belong to the transport layer protocols like
TCP and UDP. However, you could use nmap to see whether ports are open
or not
nmap -p 80 example.com
Edit: As flokra mentioned, nmap is more than
just a ping-for-ports-thingy. It's the security auditers and hackers
best friend and comes with tons of cool options. Check the doc for all
possible flags.
Try:
telnet xyz.com 80
If it's showing output like
Connected to xyz.com.Escape character is '^]'.
Means your domain (xyz.com) is listening on port 80.
Newbie alert with no TCP/IP knowledge... I am trying to set up a production test rig for testing an embedded 6-way ethernet switch by populating an XP PC with 6 NIC cards. I've started with two NICs just to prove the point, both on the same subnet, manual IP addresses of 172.16.0.1 / 172.16.0.2. The routing table (route print) shows (I believe) two loopback entries :
=====================================================
172.16.0.0 255.255.255.0 172.16.0.1 172.16.0.1
172.16.0.0 255.255.255.0 172.16.0.2 172.16.0.2
172.16.0.1 255.255.255.255 127.0.0.1 127.0.0.1
172.16.0.2 255.255.255.255 127.0.0.1 127.0.0.1
172.16.255.255 255.255.255.255 172.16.0.1 172.16.0.1
172.16.255.255 255.255.255.255 172.16.0.2 172.16.0.2
=====================================================
I would like to remove the loopback entries and replace them with "always external" routing entries.. i.e. if you ping 172.16.0.1 the packets use adapter 172.16.0.2, and are routed by the switch back to 172.16.0.1 and if you ping 172.16.0.2 the packets leave 172.16.0.1, and get routed by the switch back to 172.16.0.2, thereby doing a rudimentary connectivity test of the cables, the switch IC, magnetics etc.
A command of :
route add 172.16.0.1 mask 255.255.255.255 172.16.0.2 (which seems to me to be uniquely specifying the use of 172.16.0.2 to send packets to a destination 172.16.0.1) fails with "The route addition failed: The route parameter is incorrect"
While : route add 172.16.0.2 mask 255.255.255.255 172.16.0.1 is accepted but I can't then ping 172.16.0.2
I did find some really good explanations in your old posts of meanings of each line in the table, but I'm obviously not quite understanding what is going on. I'm slightly concerned that the auto-generate route table has specified two adapters as gateways, but I don't know enough to understand the implications.
Ultimately, with 6 NICs in the box, I'd like to be able to make a table that will enable me to exercise every port on the switch.
many thanks
David
You can use ping to do this. First setup the NICs to have static IP addresses. I'll give you an example with 2 NICs. NIC1 is set to 192.168.0.2 and NIC2 is 192.168.0.1. Then run the command:
ping 192.168.0.2 –s 192.168.0.1 –t
I think you'll find that if you unplug the external loopback cable the test will fail and if you plug it back in again, it will pass. For more help on ping, type ping -?
You may have to disable Windows Firewall to let the ping traffic through.
How to capture only incoming TCP streams in WireShark?
(I would like to capture only HTTP connections to my web server, not any outgoing HTTP connections from applications.)
Based on my test,
1. You can use this capture filter for the WireShark that running on the server which you want monitor incoming packets:
dst host 10.58.123.456 and dst port 8080
And you can use following result filter to view traffic comes from certain client:
ip.src_host == 10.78.123.456
Use a filter like (ip dst host 192.168.0.1 and tcp dst port 80) or (ip src host 192.168.0.1 and tcp src port 80).
I hope this isn't too basic a question. The title kind of asks it all. :-)
The ping command will allow strict source routing so you can specify the default gateway to use on the way out. (This assumes your interfaces have distinct gateways i.e. are on different networks)
ping -k 192.169.1.1 microsoft.com
^ default gateway for desired interface
Using WMI Win32_PingStatus you can do the same thing where you specify SourceRoute and SourceRouteType (This is essentially the same as using ping -k)
Alternatively:
If your network interfaces are on the same network, like a LAN card and a wireless adapater
you can add a custom ROUTE to your machine, which can send all traffic through a specific interface.
From ROUTE HELP:
route ADD 207.46.0.0 MASK 255.255.0.0 192.168.1.1 METRIC 3 IF 2
destination^ ^mask ^gateway metric^ ^
Interface^
ping also has an option in Windows:
-S srcaddr Source address to use.
So you can do something like
ping 10.10.10.1 -l 0 -S 192.168.1.1
where 10.10.10.1 is the destination address and 192.168.1.1 is the address of the source adapter