  1. One of the best Wireshark tips (not sure who to credit) is to turn the colors off.
    All the red packets can be a red herring. :-)

  2. Work down through the Statistics menus - Protocol Hierarchy, Conversations, Endpoints.
    There is a port scan mixed in - filter those packets out and the capture gets clearer.

  3. Filter out any protocols that probably aren't being used to transfer data.
    Double check before excluding since data is sometimes tunneled through these "other" protocols.
    (Filtering out the port scan and ancillary protocols cut about 2500 packets out of the display.)
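As an added example (not from the answer above or from the Wireshark project), the same workflow in Python over a constructed set of packet summaries: a stand-in for the Protocol Hierarchy and Conversations views, a bare-SYN heuristic to pick out the scanning host, and the display filter that hides the scan plus the ancillary protocols. The host addresses, the `min_ports` threshold and the `ANCILLARY` list are assumptions.

```python
from collections import Counter, defaultdict

# Constructed packet summaries, not from a real capture: (src, dst, proto, dst_port, tcp_flags).
# tcp_flags: "S" bare SYN, "SA" SYN/ACK, "RA" RST/ACK, "PA" PSH/ACK, "" for non-TCP.
PACKETS = (
    [("10.0.0.5", "10.0.0.9", "tcp", port, "S") for port in range(1, 41)]  # 40-port SYN sweep
    + [("10.0.0.9", "10.0.0.5", "tcp", 0, "RA")] * 38                      # closed ports answer RST/ACK
    + [("10.0.0.7", "10.0.0.9", "tcp", 443, "S"), ("10.0.0.9", "10.0.0.7", "tcp", 0, "SA")]
    + [("10.0.0.7", "10.0.0.9", "tcp", 443, "PA")] * 12                    # the actual data transfer
    + [("10.0.0.7", "10.0.0.1", "dns", 53, "")] * 3                        # name lookups
    + [("10.0.0.7", "10.0.0.9", "arp", 0, "")] * 2
)
ANCILLARY = ("arp", "dns", "icmp")  # assumed list of protocols carrying no payload in this capture

def protocol_hierarchy(packets):
    """Rough stand-in for Statistics > Protocol Hierarchy: packets per protocol."""
    return Counter(proto for _, _, proto, _, _ in packets)

def conversations(packets):
    """Stand-in for Statistics > Conversations: packets per unordered host pair."""
    return Counter(tuple(sorted((src, dst))) for src, dst, *_ in packets)

def find_scanners(packets, min_ports=20):
    """Heuristic: a host sending bare SYNs to many distinct ports on one peer is port scanning."""
    ports = defaultdict(set)
    for src, dst, proto, dport, flags in packets:
        if proto == "tcp" and flags == "S":
            ports[(src, dst)].add(dport)
    return sorted({src for (src, _), seen in ports.items() if len(seen) >= min_ports})

def display_filter(scanners, ancillary=ANCILLARY):
    """Wireshark display filter hiding the scan conversations and the ancillary protocols."""
    clauses = [f"!(ip.addr == {ip})" for ip in scanners] + [f"!{proto}" for proto in ancillary]
    return " && ".join(clauses)

def remaining(packets, scanners, ancillary=ANCILLARY):
    """Apply the same exclusions to the summaries; double-check nothing tunnelled is dropped."""
    return [p for p in packets
            if p[0] not in scanners and p[1] not in scanners and p[2] not in ancillary]

if __name__ == "__main__":
    scanners = find_scanners(PACKETS)
    print(protocol_hierarchy(PACKETS))
    print(conversations(PACKETS))
    print("scanners:", scanners)
    print("filter:", display_filter(scanners))
    print(f"{len(PACKETS)} packets, {len(remaining(PACKETS, scanners))} left after filtering")
```

The generated filter string can be pasted straight into the Wireshark display filter bar; compare the packet count before and after, as the answer suggests, before trusting the exclusions.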