
Wireshark is Wireshark. Check your filters and ensure you are in the interception path.

EoE

On 12/17/10, Simon Mbuthia <simon.mbuthia@gmail.com> wrote:
Hi guys,
I have a host 192.168.10.10 subnet, polling for mail from 192.168.10.105, which also has another network card, 10.0.0.3.
I am running tcpdump on 10.0.0.2 [the firewall] and all I see from 'host 192.168.10.100' are UDP packets and acks. Nothing TCP. So I log in to my Windows PC, 192.168.10.44, and start Wireshark, and using the expression 'ip.src eq 192.168.10.10', all I see are UDP packets again. Looking at the mail server logs, I can tell that the mail client 192.168.10.10 is running, as he is polling the mail server for messages. This user uses AVG antivirus, which is not what is installed on the other PCs, and I am just wondering how it is possible for TCP packets/segments not to be detected by a packet sniffer in the same subnet.
Anyone who can unravel this mind-boggling mystery for me???
Me.
-- Sent from my mobile device