November 26, 2018

Debugging Connectivity with tcpdump and Wireshark

This one is more of a note to myself and something I google every time I need to debug connectivity issues.

When you want to get a tcpdump capture in a file and then look at it in Wireshark, run the following command on the host you are trying to connect from (and of course change some.host, XYZ and some.file to the values relevant to your case):

sudo tcpdump -i any -n host some.host and port XYZ -w some.file

Once you have some.file locally, just drop it into Wireshark. If you are using a custom port (let's say 10443 instead of 443 for HTTPS), you may want to right-click and choose Decode As SSL.
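A first pass over some.file before opening Wireshark, as an added example that is not part of the original post: it reads the kind of capture the tcpdump command above writes and classifies the connection attempt from the TCP handshake flags. It assumes a classic pcap file carrying IPv4; tcp_flags, diagnose, sample_pcap and the verdict labels are names made up for this sketch.

```python
import struct

SYN, RST, ACK = 0x02, 0x04, 0x10
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic pcap byte orders
# pcap link type -> link-layer header bytes; 113/276 = Linux cooked v1/v2 ("-i any")
LINK_HDR = {1: 14, 113: 16, 276: 20}

def tcp_flags(data):
    """Yield (src_port, dst_port, flags) for each IPv4/TCP packet in pcap bytes."""
    end = MAGIC.get(data[:4])
    if end is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    l2 = LINK_HDR[struct.unpack(end + "I", data[20:24])[0]]
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        ip = data[off + 16 + l2:off + 16 + incl_len]
        off += 16 + incl_len
        if len(ip) >= 20 and ip[0] >> 4 == 4 and ip[9] == 6:  # IPv4 carrying TCP
            tcp = ip[(ip[0] & 0x0F) * 4:]
            if len(tcp) >= 14:
                yield (*struct.unpack("!HH", tcp[:4]), tcp[13])

def diagnose(data, port):
    """Classify the attempt to reach `port` from the handshake flags captured."""
    syn = synack = rst = False
    for sport, dport, flags in tcp_flags(data):
        if dport == port and flags & SYN and not flags & ACK:
            syn = True
        elif sport == port and flags & SYN and flags & ACK:
            synack = True
        elif sport == port and flags & RST:
            rst = True
    # established: TCP is fine, look at TLS or the application
    # refused:     a RST came back, nothing listening or an active reject
    # no-reply:    SYNs leave but nothing answers, a silent drop or routing problem
    # no-attempt:  no SYN captured, check DNS, the capture filter, local routing
    return "established" if synack else "refused" if rst else "no-reply" if syn else "no-attempt"

def sample_pcap(replies):
    """Constructed capture: one SYN to port 10443, then replies with the given flags."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 113)
    packets = [(40000, 10443, SYN)] + [(10443, 40000, f) for f in replies]
    for sport, dport, flags in packets:
        ip = bytes([0x45, 0, 0, 40, 0, 0, 0, 0, 64, 6]) + bytes(10)  # IPv4, proto TCP
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)
        pkt = bytes(14) + b"\x08\x00" + ip + tcp  # 16-byte cooked header
        out += struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    return out
```

To run it on a real capture, pass the file's bytes and the port from the tcpdump filter, e.g. diagnose(open("some.file", "rb").read(), 10443).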
