Hi, I have an application, that I would like to check if is using bidirectional traffic. Is possible to check these with wireshark? Thanks and sorry for my English! |
Yes, you can see bidirectional traffic in Wireshark. Thanks... but how could I can identificate?
(16 Jun '16, 09:56)
absolut
Wireshark will show ingress/egress traffic to/from the capture point. Look at the Source address. Ingress traffic will have the Source address as the capture point. Egress traffic will have a different source address.
(16 Jun '16, 12:45)
Amato_C
Sorry I understand that the bi-directional communication always begin by source ip to destination ip, and communicates by the same port. So if I see like these:
It seems that is not bi-directional no? thanks!
(16 Jun '16, 14:03)
absolut
It is bidirectional. The port numbers the participants use are independent of each other and tshark doesn't show them by default. So one participant uses IP address Besides, tshark shows the name of the highest-level protocol it could find in the frame. So if a transport protocol (TCP in your case) is used to convey PDUs of an application protocol (GIOP in your case), the frames which carry any GIOP as TCP's payload are marked as GIOP ones; the frames belonging to the same TCP session but carrying only TCP's overhead are marked as TCP ones (frame 12337 in your example).
(16 Jun '16, 14:30)
sindy
|