Home
JAQForum Ver 24.01
Log In or Join  
Active Topics
Local Time 06:58 02 Aug 2025 Privacy Policy
Jump to

Notice. New forum software under development. It's going to miss a few functions and look a bit ugly for a while, but I'm working on it full time now as the old forum was too unstable. Couple days, all good. If you notice any issues, please contact me.

Forum Index : Microcontroller and PC projects : W10: Help setting up Wireshark....

Author Message
Grogster

Admin Group

Joined: 31/12/2012
Location: New Zealand
Posts: 9610
Posted: 05:19am 09 Jan 2021
Copy link to clipboard 
Print this post

Hello all.

I need some help please.  I am trying to setup Wireshark so that it will monitor a specific IP address, but I am a little lost, as the program is quite complex.

Can anyone help me?
I want it to monitor IP address 13.107.4.32, which is the Microsoft NCSI server.

I have the globe-icon in the system tray issue, where W10 insists there is no internet, even though there is, and it was suggested on the MS forum thread by a MS employee that packet capture should be used to help determine what the issue is.

The thread on the MS forums is now 21 pages long and 625 posts, so I don't think this issue is going to be fixed anytime soon.  It appears to be specific to Windoze Ten, as other versions of Windoze don't have this issue, and Linux definitely never moans about no internet when there actually is.

So, I want to setup an IP packet capture for the above IP address, capturing both outgoing and any incoming replies from that IP address.  I have worked out how you setup a capture file, but the packet filtering and display filtering is where I am lost.

Can anyone help?
Smoke makes things work. When the smoke gets out, it stops!
 
TassyJim

Guru

Joined: 07/08/2011
Location: Australia
Posts: 6283
Posted: 05:56am 09 Jan 2021
Copy link to clipboard 
Print this post

Try
ip.dst == 13.107.4.32 || ip.src == 13.107.4.32


That should capture any thing to or from the IP in question.

I normally capture all and use a filter similar to that in the display area but it should work in the capture field as well.

No.
It needs to be
host 13.107.4.32

in the capture filter (just to be different).


Jim
Edited 2021-01-09 16:05 by TassyJim
VK7JH
MMedit
 
Grogster

Admin Group

Joined: 31/12/2012
Location: New Zealand
Posts: 9610
Posted: 07:47am 09 Jan 2021
Copy link to clipboard 
Print this post

Thanks, Jim.

I will try to put that in motion, and report back here.
Smoke makes things work. When the smoke gets out, it stops!
 
Print this page


To reply to this topic, you need to log in.

The Back Shed's forum code is written, and hosted, in Australia.
© JAQ Software 2025