This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Addresses and ports

0

This has probably been asked, but I cannot find it. I am looking to move an application server from on-prem to AWS. I am trying to determine all the IP addresses that are hitting this server, and on what ports, so I can set up our firewalls and the security groups accordingly. I need to run a survey for about 24 hours to get a good idea of all the endpoints and ports.

I have tried setting the capture settings to only capture 64b of data and recreate a new file every 10 minutes. When Wireshark does not crash after about 2 hours, it is generating a lot of files and using a chunk of disk space. It is also going to be something of a pain to analyze. Does anyone have a better way of doing this?

asked 08 Jun '17, 05:49

NDanger69
6112
accept rate: 0%


One Answer:

0

Yes. See this blog post I wrote: https://blog.packet-foo.com/2013/05/the-notorious-wireshark-out-of-memory-problem/

Also, if you're looking at what ports that server is hosting services on, why not run a "netstat" command on the server itself to check which ports are open? Or, if you can't do that, run an nmap scan against the server IP to see which ports are in service?

answered 08 Jun '17, 06:09

Jasper ♦♦
23.8k551284
accept rate: 18%

edited 08 Jun '17, 06:11
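
An added example, not part of the original thread: one way to turn the "netstat" suggestion above into a per-port list of remote addresses for firewall and security group rules. It assumes Linux-style `netstat -ant` output (TCP only); the sample text and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of Linux `netstat -ant` output (not from the original post).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
tcp        0      0 10.0.0.5:443            192.0.2.10:51514        ESTABLISHED
tcp        0      0 10.0.0.5:443            192.0.2.11:40022        TIME_WAIT
tcp        0      0 10.0.0.5:22             198.51.100.7:60001      ESTABLISHED
tcp        0      0 10.0.0.5:45678          203.0.113.9:5432        ESTABLISHED
tcp6       0      0 2001:db8::5:8080        2001:db8::99:50000      ESTABLISHED
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 addresses stay intact."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port

def inbound_peers(snapshot, seen=None):
    """Add {listening port: set of remote IPs} from one snapshot into `seen`."""
    seen = defaultdict(set) if seen is None else seen
    rows = [line.split() for line in snapshot.splitlines() if line.startswith("tcp")]
    rows = [r for r in rows if len(r) >= 6]
    listening = {int(split_endpoint(r[3])[1]) for r in rows if r[5] == "LISTEN"}
    for r in rows:
        if r[5] == "LISTEN":
            continue
        _, lport = split_endpoint(r[3])
        raddr, _ = split_endpoint(r[4])
        # A connection counts as inbound only if its local port is a listener;
        # otherwise the server itself dialed out from an ephemeral port.
        if lport.isdigit() and int(lport) in listening:
            seen[int(lport)].add(raddr)
    return seen

if __name__ == "__main__":
    for port, peers in sorted(inbound_peers(SAMPLE).items()):
        print(port, sorted(peers))
```

A snapshot only sees connections that are open at that moment, so short-lived clients can be missed; run it on a schedule across the survey window and pass the same `seen` dictionary to each call to accumulate results.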