Is it possible to detect an inbound TCP association if no socket is open ? The title says it all. We need to detect an inbound association on port 2000 to detect the IP address before a socket to TCP is open. Is there a way to see the IP address under these conditions with WireShark..? Thank you, Chris asked 14 Nov '10, 01:01  chrisxl |
One Answer:
I'm not sure what you mean by association. But I assume you mean that you want to see which hosts are trying to connect to TCP port 2000, even though port 2000 is not open. Yes, you can see the incoming connections as long as you are using wireshark on the host that people connect too and there is no firewall in between blocking the packets. You can also see these packets n your network if you are using a span or mirror port on the switch to which your host is connected. Or in case there is a blocking firewall, you can use a span/mirror port to look at the packets on the Internet facing interface of the firewall. answered 14 Nov '10, 05:08  SYN-bit ♦♦ |
