Wireshark mailing list archives

Re: help me please


From: Miszcsi Miszcsi <miszcsike () yahoo com>
Date: Sat, 17 Apr 2010 03:29:38 -0700 (PDT)

Hi

How do I figure out the combination? For this I should somehow visualize the NAT table, but I don't know how to do this.

Thanks

Miszcsi

PS I still need help with this problem :( Is everybody on weekend holiday or sleeping? :D Still stuck with the project...

--- On Sat, 4/17/10, Jaap Keuter <jaap.keuter () xs4all nl> wrote:

From: Jaap Keuter <jaap.keuter () xs4all nl>
Subject: Re: [Wireshark-users] help me please
To: "Community support list for Wireshark" <wireshark-users () wireshark org>
Date: Saturday, April 17, 2010, 8:28 AM

Hi,
It seems like the NAT function is interfering with your capture filter. Maybe you can figure out what the exact address/port translation function is by looking at all WAN interface data.
Thanks,
Jaap

Sent from my iPhone
On 17 apr 2010, at 10:09, Miszcsi Miszcsi <miszcsike () yahoo com> wrote:

Hello!
Please somebody help me with my problem! I'm new to this and I'm stuck with my project because of this problem and I cannot go any further.
Any concrete and real help would be appreciated.

I'm trying to monitor network traffic on a Windows gateway with Wireshark, especially IM traffic, Yahoo Messenger. I have 2 Fast Ethernet cards in the PC, one for WAN and one for LAN.

If I'm running the sniffer on an internal PC, I have both incoming and outgoing packets from and to the Yahoo server or, in case of peer-to-peer messaging, to and from the remote discussion partner.

If I'm running the sniffer on the gateway using the WAN interface for capture, I have only incoming packets, and no outgoing. For filtering at capture I'm using the option
"tcp port 5050 and host X.X.X.X" where X.X.X.X is the IP address of the internal PC.
(Wireshark - Capture Options - and I enter this in the Capture Filter field, and then Start)

I have one statically assigned real IP on the WAN, and DHCP-assigned private IPs for internal PCs (192.168.0.X). They are assigned based on each PC's MAC address, so they are constant and not interchanging. I'm using source NAT on the WAN interface.

What am I doing wrong, or why don't outgoing packets appear in Wireshark?

There is an example in the Wireshark User's Guide from which I was inspired:
Example 4.1. A capture filter for telnet that captures traffic to and from a particular host
tcp port 23 and host 10.0.0.5

Please somebody explain what the solution is, or the problem that makes me see only incoming packets and nothing outgoing.

Best Regards
Miszcsi









      ___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
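
Added example, not part of the original thread: one way to work out the address/port translation discussed above is to capture the same outbound packets on the LAN and the WAN interface and join them on the fields that source NAT leaves unchanged. All addresses, ports and sequence numbers are constructed, the names nat_table and wan_filter are hypothetical, and the join assumes the gateway does not rewrite TCP sequence numbers.

```python
from collections import namedtuple

# One captured outbound TCP packet, reduced to the fields needed here.
Pkt = namedtuple("Pkt", "src sport dst dport seq")

# Constructed sample data (not from the thread): the same outbound packets
# as seen on the gateway's LAN interface and on its WAN interface.
LAN = [
    Pkt("192.168.0.10", 1034, "198.51.100.20", 5050, 1000),
    Pkt("192.168.0.11", 1034, "198.51.100.20", 5050, 7000),
    Pkt("192.168.0.10", 1034, "198.51.100.20", 5050, 1100),
]
WAN = [
    Pkt("203.0.113.5", 62001, "198.51.100.20", 5050, 1000),
    Pkt("203.0.113.5", 62002, "198.51.100.20", 5050, 7000),
    Pkt("203.0.113.5", 62001, "198.51.100.20", 5050, 1100),
    Pkt("203.0.113.5", 62003, "198.51.100.20", 5050, 9000),  # gateway's own flow
]

def nat_table(lan_pkts, wan_pkts):
    """Map (inside ip, port) -> (outside ip, port).

    Source NAT rewrites only the source address/port, so destination and
    TCP sequence number serve as the join key (assumption: seq is untouched).
    """
    by_key = {}
    for p in wan_pkts:
        by_key.setdefault((p.dst, p.dport, p.seq), []).append(p)
    table = {}
    for p in lan_pkts:
        matches = by_key.get((p.dst, p.dport, p.seq), [])
        if len(matches) != 1:  # no match or ambiguous: skip rather than guess
            continue
        inside, outside = (p.src, p.sport), (matches[0].src, matches[0].sport)
        if table.setdefault(inside, outside) != outside:
            raise ValueError(f"conflicting mappings for {inside}")
    return table

def wan_filter(table, inside_ip):
    """Capture filter matching one internal host's translated flows on the WAN side."""
    ports = sorted({out[1] for ins, out in table.items() if ins[0] == inside_ip})
    if not ports:
        return None
    return "tcp port 5050 and (" + " or ".join(f"tcp port {p}" for p in ports) + ")"
```

A filter built this way only covers the flows observed in the two captures.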
