March 1, 2017

Troubleshooting with Wireshark - Filtering on Intra-Subnet Conversations

In most cases, clients are talking to servers to support services requested by users. We typically should not see clients communicating directly with other clients on our subnets, unless there is some file sharing or other type of expected activity.

In this video, we will look at how to filter for intra-subnet conversations - clients talking directly to other clients - and examine what normal vs. abnormal traffic looks like. We will see one client performing a TCP port scan and how to filter for open ports.

Hope this helps you in tracking down strange client behavior.

Leave a Reply

Your email address will not be published. Required fields are marked *

Packet Pioneer is devoted to helping engineers and developers of all experience levels gain comfort with packet analysis.
crossmenu linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram