This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

how do i capture packets between two hosts?

once packets are captured, how do i know the cause of the problem? like email alerts sent from Oracle server to Exchange server sometimes fail. is there something like a reference that i can compare against my captured packets?

asked 26 Feb '14, 00:51

rino19ny's gravatar image

rino19ny
1111
accept rate: 0%


how do i capture packets between two hosts?

by following the steps described here: http://wiki.wireshark.org/CaptureSetup

and here: http://wiki.wireshark.org/CaptureSetup/Ethernet or http://wiki.wireshark.org/CaptureSetup/WLAN whatever applies in your environment.

once packets are captured, how do i know the cause of the problem?

by analyzing the problem description, then 'mapping' that description to involved protocols (http, smtp, whatever) and finally by looking at the matching connections between the involved systems (Oracle and/or mail sever).

is there something like a reference that i can compare against my captured packets?

Most certainly no, as every network is different. However, you should learn something about the basic protocols (IP, TCP, UDP, http, smtp, etc.). With that knowledge (and some experience), you should be able to figure out if the connection you are analyzing shows any problem.

Regards
Kurt

permanent link

answered 27 Feb '14, 05:23

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×14
×5

question asked: 26 Feb '14, 00:51

question was seen: 1,823 times

last updated: 27 Feb '14, 05:23

p​o​w​e​r​e​d by O​S​Q​A