This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to capture the NATed out-bound HTTP syn request and inbound HTTP responses in a 3-way handshake process; identify our public IP address and our device’s private IP address?

asked 19 Aug '14, 19:47


randy S

edited 19 Aug '14, 19:49


Hi Randy,

One way would be to trace on the inside and the outside interfaces of the firewall. If you can use one PC with two NICs that would be good because both traces will be timestamped by one clock and so pretty closely synchronized. If you must use two PCs, try to manually sync the clocks on them as best you can. Capture the traces and then match the packets in each trace using the destination Internet address (the server the PC is trying to talk to) and the TCP sequence numbers (usually the firewall NAT doesn't change these). Remember to switch off the TCP protocol preference "Relative Sequence Numbers" in Wireshark so that you get distinctive sequence numbers.

Best regards...Paul


answered 20 Aug '14, 06:29


PaulOfford
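The matching step described in the answer above, as an added example that is not part of the original post: it pairs packets from an inside and an outside trace on the server endpoint plus the absolute TCP sequence number, and reads the private and public address off the endpoint the NAT rewrote. The row layout (fields exported from each capture with relative sequence numbers switched off) and all addresses are constructed assumptions.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "ts src sport dst dport seq flags")

# Constructed sample rows (not from a real capture), one packet per line:
# epoch-time src-ip src-port dst-ip dst-port absolute-seq flags
INSIDE = """
10.000100 192.168.1.10 51000 203.0.113.80 80 3405691582 S
10.030400 203.0.113.80 80 192.168.1.10 51000 1122334455 SA
10.030500 192.168.1.10 51000 203.0.113.80 80 3405691583 A
10.100000 192.168.1.10 51001 192.168.1.1 53 777 S
"""
OUTSIDE = """
10.000350 198.51.100.7 40001 203.0.113.80 80 3405691582 S
10.030150 203.0.113.80 80 198.51.100.7 40001 1122334455 SA
10.030750 198.51.100.7 40001 203.0.113.80 80 3405691583 A
"""

def parse(text):
    rows = (line.split() for line in text.strip().splitlines())
    return [Pkt(float(t), s, int(sp), d, int(dp), int(q), f)
            for t, s, sp, d, dp, q, f in rows]

def match_nat(inside, outside):
    """Pair each inside packet with its translated copy in the outside trace.

    The server's address/port and the absolute sequence number are the fields
    NAT normally leaves alone, so they form the key; the other endpoint gives
    the private and public address. Retransmissions share a key (last one wins).
    """
    by_dst = {(p.dst, p.dport, p.seq, p.flags): p for p in outside}
    by_src = {(p.src, p.sport, p.seq, p.flags): p for p in outside}
    matches = []
    for p in inside:
        o = by_dst.get((p.dst, p.dport, p.seq, p.flags))
        if o:  # outbound: NAT rewrote the source endpoint
            matches.append(("out", p.flags, (p.src, p.sport), (o.src, o.sport), o.ts - p.ts))
        else:
            o = by_src.get((p.src, p.sport, p.seq, p.flags))
            if o:  # inbound: NAT rewrote the destination endpoint
                matches.append(("in", p.flags, (p.dst, p.dport), (o.dst, o.dport), p.ts - o.ts))
    return matches

if __name__ == "__main__":
    for direction, flags, private, public, delay in match_nat(parse(INSIDE), parse(OUTSIDE)):
        print(f"{direction:3} {flags:2} private={private} public={public} transit={delay * 1000:.3f} ms")
```

The last inside row never crosses the firewall, so it stays unmatched; the transit column only means something when both traces share a clock, as the answer recommends.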


question asked: 19 Aug '14, 19:47

question was seen: 1,943 times

last updated: 20 Aug '14, 06:29
