How do I capture and filter Microsoft Exchange 2007 traffic coming from the MX server to my desktop? I have Wireshark on my box. asked 19 Nov '10, 10:40  Delfino |
One Answer:
Open the capture dialog box and use this as your filter "host 1.1.1.1 or host 2.2.2.2 or host 3.3.3.3" where 1.1.1.1 is your exchange server, 2.2.2.2 is your active directory server, and 3.3.3.3 is where your PST file is stored. You may have some group address servers etc so you can also try capturing w/o any filters. Do uncheck the "capture promiscous" mode option so you won't see unnecessary traffic. Be sure to close down all other applications before capturing. Finally, the RPC that Exchange negotiates is dynamic, so you may not see the same tcp ports on subsequent captures. Good luck. answered 19 Nov '10, 12:44  hansangb |
