This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Scanning traffic through a specific port

0

I'm using a thread that communicates with one specific port (for example 55000). I want to scan all the traffic through this port, so I use the filter

dst port 55000

But nothing appeared. What am I doing wrong?

Sorry for my English

asked 15 Mar '16, 02:27

xtapia

Are you using dst port 55000 as a capture filter or as a display filter?

Are you sure that the traffic is leaving/coming through the Ethernet interface on which you are capturing?

(15 Mar '16, 03:55) sindy

It is not leaving or coming through the Ethernet interface because it is working on my own PC, so it is an internal packet. Is it impossible to capture it if this packet does not "pass" through the Ethernet interface?

(15 Mar '16, 06:00) xtapia

One Answer:

1

It is not leaving or coming through the Ethernet interface because it is working on my own PC

This is known as a loopback connection as it doesn't leave your machine on an external NIC. See the wiki page on capturing on loopback interfaces for more info.

If using Windows you'll need to switch to using npcap instead of WinPcap as mentioned on the page.

answered 15 Mar '16, 06:14

grahamb ♦

edited 15 Mar '16, 06:14

OK, thanks. I ran this thread on another computer on my LAN and Wireshark captured it perfectly. I'm going to try to understand how to capture it on my own machine.

Thanks a lot!!

(15 Mar '16, 09:22) xtapia
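
As an added example (not part of the original thread and not Wireshark code), this Python sketch asks the operating system which path traffic to a destination would take, so you know whether to capture on the loopback interface as the answer describes. The function name capture_hint and the "source address equals destination address" heuristic are assumptions of this example; port 55000 is the example port from the question.

```python
import ipaddress
import socket


def capture_hint(dest, port=55000):
    """Return "loopback", "external" or "unknown" for traffic from this host to dest."""
    try:
        infos = socket.getaddrinfo(dest, port, type=socket.SOCK_DGRAM)
    except socket.gaierror:
        return "unknown"  # name could not be resolved
    family, _, _, _, sockaddr = infos[0]
    dest_ip = ipaddress.ip_address(sockaddr[0].split("%")[0])
    if dest_ip.is_loopback:
        return "loopback"  # 127.0.0.0/8 or ::1 never reaches a physical NIC
    # connect() on a UDP socket sends nothing; it only makes the kernel
    # choose a route and a source address for this destination.
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        try:
            s.connect(sockaddr)
        except OSError:
            return "unknown"  # no route to the destination
        src_ip = ipaddress.ip_address(s.getsockname()[0].split("%")[0])
    # Assumption: if the kernel picks the destination itself as the source,
    # the destination is one of this machine's own addresses, so the packets
    # are delivered internally and an Ethernet capture will not see them.
    return "loopback" if src_ip == dest_ip else "external"


def advice(dest, port=55000):
    """Turn the hint into a one-line suggestion for where to capture."""
    hint = capture_hint(dest, port)
    if hint == "loopback":
        return f"{dest}: local delivery, capture on the loopback interface (filter: port {port})"
    if hint == "external":
        return f"{dest}: leaves the host, capture on the outgoing NIC (filter: port {port})"
    return f"{dest}: could not determine a route"


if __name__ == "__main__":
    # Constructed sample targets: loopback literal and a documentation address.
    for target in ("127.0.0.1", "192.0.2.1"):
        print(advice(target))
```

Passing the machine's own LAN address as dest shows the case from the question: the traffic is addressed to a "real" IP but still never crosses the Ethernet interface.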