Wireshark mailing list archives
Re: Having problem tracing multiple ip addresses
From: "Robert Blair" <bob-wireshark () listemail net>
Date: Tue, 27 Apr 2021 16:49:20 -0700
** Reply to message from Hugo van der Kooij via Wireshark-users <wireshark-users () wireshark org> on Mon, 26 Apr 2021 07:23:43 +0000
Bob, My first guess would be that you never see the packets on the interface you are snooping on. Can you check by removing the filter and see if you get them unfilterered? Let's make sure we look at solving the right problem. Regards, Hugo. -----Original Message----- From: Wireshark-users <wireshark-users-bounces () wireshark org> On Behalf Of Robert Blair Sent: Friday, 23 April 2021 20:36 To: wireshaer <wireshark-users () wireshark org> Subject: [Wireshark-users] Having problem tracing multiple ip addresses I changed three IoT devices from DHCP to static addresses so I could trace all three of them. when I enter "net 192.168.60.201" in the capture filter I get all traffic to and from the ip. If I enter "net 192.168.60.200/30" I get all fraffic from the ip addresses but none going to the ip addresses. According to the documentation at <https://wiki.wireshark.org/CaptureFilters> that syntax shoud capture all traffic going to and from the device. Any assistance on getting the trace to work will be appreciated.
On another OS I have used IP tracing many times, on Ubuntu only two or three times. After seeing the trace from wireshark I now have no clue what is going on. When I started with these IoT devices I had both of the routers WIFI interfaces with the same SSID and password. This caused problems trying to configure the IoT device, support told me to make the WIFI interfaces use different SSID. At that time I changed my laptop to use the 2.4ghz WIFI interface as the IoT devices only use 2.4ghz. So my testing has been with laptop using WIFI only, the wired NIC was not plugged in. These tests were run with wireshark on my laptop and using an iPad to control the device. The APP on the iPad communicates with a cloud program that sends the commands to the devices and returns information to the iPad. No wired interface and WIFI (wlp0s20f3) on the 2.4ghz interface. Using wireshark (capture everything and display filter the devices) the only messages I see are the IoT device sending the broadcast to 224.0.x.x. I had expected to see all of the traffic to and from the device. With the wired interface (enp1s0) and WIFI. Using wireshark (capture everything and display filter the devices) I see traffic only to and from my local LAN and the broadcast messages. Nothing to or from the internet. -- Robert Blair The Constitution is not a document for the government to restrain the people: it is an instrument for the people to restrain the government. -- Patrick Henry ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Having problem tracing multiple ip addresses Robert Blair (Apr 23)
- Re: Having problem tracing multiple ip addresses chuck c (Apr 23)
- Re: Having problem tracing multiple ip addresses Ricardo Díez Antequera (Apr 23)
- Re: Having problem tracing multiple ip addresses Hugo van der Kooij via Wireshark-users (Apr 26)
- Re: Having problem tracing multiple ip addresses Robert Blair (Apr 27)