multicast

Recently been using wireshark to determine network activity when using multicasting – is proved invaluable to helping to track down some application features.

Wireshark is a great free tool available from http://www.wireshark.org/

Use wireshark to sniff the network. Download here

to start a trace:

define filter – see examples below
menu – capture/interfaces. Select interfaces you wish to trace :
press start

The filter is all powerful, change it to do what you need!

examples

trace UDP traffic only for a define port

here, we want to trace all UDP traffic on ports 7980 and 6980
So, the filter will be ” udp.port==7980 or udp.port==6980″

show all traffic originating from a given IP and being sent to another IP

Set the filter to be ip.dst==xxx.xxx.xxx.xxx&&ip.src==xxx.xxx.xxx.xxx

example

Eg ip.dst==230.6.8.1&&ip.src==172.27.98.15 . ie i used this example to show all traffic sent from my source machine (.15) onto the multicast pool address (230.6.8.1).

M	T	W	T	F	S	S
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

Big Nose Kates

thoughts from a concatenated mind

Using Wireshark to trace packets

to start a trace:

examples

trace UDP traffic only for a define port

show all traffic originating from a given IP and being sent to another IP