Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2323
Views
2
Helpful
12
Replies

Wireshark UDP

Kevin18
Level 1
Level 1

‎04-09-2023 06:57 AM

Hello,

I am currently working on a simple UDP communication. The client.py and server.py is finished and the result is something like that:

Kevin18_0-1681047862770.png

My computer is the server while my Kali Linux (I use a VM) is the client.

I want to analyze this UDP communication but wireshark dont show anything. I use the filter "ip.addr == 192.168.0.11 and udp and ip.addr == 192.168.0.22 and udp" (Those are the IP from the client and server). Wireshark dont show any packet.

Kevin18_1-1681048143272.png

But if I take the IP from the client out. Wireshark is working and show the packet. I am very confused. Is it normal that wireshark dont show the IP from a VM. I can ping the IP from the VM. Even the ping doesnt show up in Wireshark.

If u need more information just ask.

 

 

 

Labels:
12 Replies 12

MHM Cisco World
VIP
VIP

‎04-09-2023 08:00 AM - edited ‎04-09-2023 08:03 AM

 

ip.addr == src <<- not show anything 
ip.addr == des <<- show udp traffic  

Screenshot (563).pngScreenshot (564).png

Screenshot (566).png

0 Helpful

Kevin18
Level 1
Level 1
In response to MHM Cisco World

‎04-09-2023 08:18 AM

Hello,

Thank you for the answer. Wireshark list up a bunch of packet. Where can I find the UDP packet for this communication. I am the server and the client(my VM) send me the message "hello".

Kevin18_1-1681053319336.png

 

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to Kevin18

‎04-09-2023 08:24 AM

udp and ip.addr == x.x.x.x 
you use wrong filter 

0 Helpful

Kevin18
Level 1
Level 1
In response to MHM Cisco World

‎04-09-2023 08:29 AM

Hello,

I change my IP to 192.168.0.17, the client IP is 192.168.0.11

Kevin18_0-1681054119413.png

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to Kevin18

‎04-09-2023 08:35 AM

friend the filter is green meaning it accept by wiresharke 
only after you add 
udp and ip.addr == x.x.x.x <<- add this then press enter in keyboard, enter will make wiresharke filter the traffic 

0 Helpful

Kevin18
Level 1
Level 1
In response to MHM Cisco World

‎04-09-2023 08:42 AM

Hello,

I dont know if I do it right. First, I go to filter and put "udp and ip.addr == 192.168.0.17" in. After that I press Enter and the result is the same.

0 Helpful

MHM Cisco World
VIP
VIP
In response to Kevin18

‎04-09-2023 08:44 AM - edited ‎04-09-2023 08:51 AM

udp.port == xx <<- try this way
also 
udp.port == xx and ip.addr == x.x.x.x <<- also try this 

dont forget press enter in end 

0 Helpful

Kevin18
Level 1
Level 1
In response to MHM Cisco World

‎04-09-2023 08:55 AM

Hello,

Thank you. My problem now is that wireshark cant receive my packet from my VM and they are in the same subnet. But I can ping it and I choose Network Bridge.

MHM Cisco World
VIP
VIP
In response to Kevin18

‎04-09-2023 09:09 AM

You are welcome.

0 Helpful

Kevin18
Level 1
Level 1
In response to MHM Cisco World

‎04-09-2023 09:09 AM

Sorry, I didnt see that. I tried what u suggest and the result remain the same.

Kevin18_0-1681056522793.png

 

 

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to Kevin18

‎04-09-2023 11:04 AM

it can there is no UDP traffic so check all traffic send receive between two hosts 
ip.src== xxx and ip.dst == yyy <<- use this filter 
check the output if there is any UDP traffic or not 

0 Helpful

Georg Pauwen
VIP
VIP

‎04-09-2023 12:12 PM

Hello,

I did not follow the entire thread, but just make sure that your VM does not use a bridged adapter, but NAT mode. It used t be that Wireshark cannot see any traffic if bridged adapters were being used...not sure if that is still the case.

0 Helpful
Customers Also Viewed These Support Documents