Ask Your Question
0

How can I filter for traffic only a specific port?

asked 2020-12-04 13:41:02 +0000

mnemec24 gravatar image

I am watching the traffic on a machine coming and going to a server, and we frequently have a dropped connection. I would like to see the traffic on the port that the 2 machines communicate on to see if we can determine what precipitates the drops.

edit retag flag offensive close merge delete

Comments

Are you asking about a protocol port (TCP/UDP) or a network interface port (NIC)?

Chuckc gravatar imageChuckc ( 2020-12-04 13:57:58 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-12-04 14:07:20 +0000

grahamb gravatar image

updated 2020-12-04 17:44:59 +0000

Guy Harris gravatar image

As noted in the user guide, there are two types of filters; capture filters that limit the traffic that is captured and display filters that limit the traffic that is displayed from a capture.

While a capture filter can be useful to limit the traffic under investigation, when troubleshooting certain issues the capture filter can drop packets that may be essential, e.g. icmp, so at first don't set a capture filter. The capture filter syntax is detailed here, some examples can be found here and in general a port filter is port <port number>.

Display filter syntax is detailed here and some examples can be found here and a port filter for tcp is tcp.port == <port number> and for udp is udp.port == <port number>.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-12-04 13:41:02 +0000

Seen: 380 times

Last updated: Dec 04 '20