This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

This has probably been asked, but I cannot find it. I am looking to move an application server from on-prem to AWS. I am trying to determine all the IP addresses, and on what ports, that are hitting this server so I can set up our firewalls and the security groups accordingly. I need to run a survey for about 24 hours to get a good idea of all the endpoints and ports.

I have tried setting the capture settings to only capture 64b of data and recreate a new file every 10 minutes. When Wireshark does not crash after about 2 hours, it is generating a lot of files and using a chunk of disk space. It is also going to be something of a pain to analyze. Does anyone have a better way of doing this?

asked 08 Jun '17, 05:49

NDanger69
Yes. See this blog post I wrote: https://blog.packet-foo.com/2013/05/the-notorious-wireshark-out-of-memory-problem/

Also, if you're looking at what ports that server is hosting services on, why not run a "netstat" command on the server itself to check which ports are open? Or, if you can't do that, run an nmap scan against the server IP to see which ports are in service?

answered 08 Jun '17, 06:09

Jasper ♦♦

edited 08 Jun '17, 06:11
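
An added example, not part of the original answer: one way to turn periodic `netstat` snapshots from the server into a per-port list of remote clients for firewall and security group rules. It assumes TCP lines in the usual `netstat -an` column order (local address, foreign address, state); the sample snapshots are constructed and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample: two netstat snapshots taken at different times.
SNAPSHOTS = [
    """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp        0      0 10.0.0.5:443            203.0.113.7:51514       ESTABLISHED
tcp        0      0 10.0.0.5:443            198.51.100.9:40022      TIME_WAIT
tcp        0      0 10.0.0.5:48110          192.0.2.50:5432         ESTABLISHED
""",
    """\
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp        0      0 10.0.0.5:443            203.0.113.7:51990       ESTABLISHED
tcp6       0      0 2001:db8::5:22          2001:db8::99:60112      ESTABLISHED
""",
]

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 addresses stay intact."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port

def parse(snapshot):
    """Yield (local_port, remote_addr, state) for each TCP line."""
    for line in snapshot.splitlines():
        tok = line.split()
        if len(tok) < 4 or not tok[0].lower().startswith("tcp"):
            continue  # header, UDP or unrelated line
        local, remote, state = tok[-3], tok[-2], tok[-1]
        yield split_endpoint(local)[1], split_endpoint(remote)[0], state

def inbound_clients(snapshots):
    """Map each listening port to the set of remote addresses seen on it."""
    rows = [r for s in snapshots for r in parse(s)]
    listening = {port for port, _, state in rows if state.startswith("LISTEN")}
    clients = defaultdict(set)
    for port, remote, state in rows:
        # A local port that is not a listener means an outbound connection
        # (here: the server talking to a database); that needs an egress rule.
        if port in listening and not state.startswith("LISTEN"):
            clients[port].add(remote)
    return dict(clients)

if __name__ == "__main__":
    for port, addrs in sorted(inbound_clients(SNAPSHOTS).items()):
        print(f"tcp/{port}: {', '.join(sorted(addrs))}")
```

Snapshots only catch connections that exist at the moment of sampling, so short-lived clients between samples can be missed.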
