This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to get IP of the server i’m connecting to

0

Hello everyone.

I'd like to know the IP of a TCP server I'm connecting to. For example, while I play a game and I'm connecting to a server, I wanna know the IP of that server.

People tells me that Wireshark CAN do this, since it sniffs your network traffic.

So, how to capture the IP of the TCP server I'm connecting to?

Thanks in advance!

asked 02 Nov '15, 03:16

mtur's gravatar image

mtur
6112
accept rate: 0%

One Answer:

0
  1. Download and install Wireshark on the PC that will connect to the server.
  2. Open Wireshark and start a capture.
  3. On the same PC running Wireshark, start the TCP connection.
  4. Wait for the connection to the server to be established and some data is transferred.
  5. Stop the capture on Wireshark.
  6. Enter the following display filter in wireshark: tcp

This will list all the TCP streams that was captured.

answered 02 Nov '15, 09:18

Amato_C's gravatar image

Amato_C
1.1k142032
accept rate: 14%

Thanks for the reply. I wanted to know if there's a way to determine which is the right one in the great list that shows up on the screen!

(02 Nov '15, 09:26) mtur

If you know the TCP port that is being used for the connection, then you can use the display filter tcp.port==xx where xx is the port number. For example, web traffic use port 80 and port 8080, so the filter would be:

tcp.port==80 || tcp.port==8080

If you know the IP address of the TCP server, then you could use the display fitler: ip.addr==x.x.x.x

If you want more help, then you have to provide more details on the TCP connection you want to investigate and preferably leave a capture file on cloudshark or Google drive, etc.

(02 Nov '15, 10:17) Amato_C