Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

WireShark - Capture Filter - FIN packets only

Posted on 2010-11-10
2
Medium Priority
?
1,933 Views
Last Modified: 2012-05-10
Hi All,

I'm troubleshooting a WAN Telnet disconnect problem that only occurs after 1-2 hours of inactivity.  The terminal emulation software vendor tells me I need to look for "FIN" packets for finding what device is terminating the connection.  Since there will be so much traffic in 1-2 hours, I'd like to just capture any packets that contain "FIN".

Can you help me with building the Capture Filter to accomplish this?

Thanks,
Dave
0
Comment
Question by:dsstao
2 Comments
 
LVL 14

Accepted Solution

by:
Otto_N earned 2000 total points
ID: 34102485
'tcp[tcpflags] & tcp-fin != 0'  should do the trick (without the quotes, of course).

However, there can be quite a lot of TCP connections closing.  If you want to capture only packets to and from a particular host, add 'and host 10.10.10.1' to the capture filter.
0
 
LVL 1

Author Closing Comment

by:dsstao
ID: 34103671
Thank you, YDM
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up SSH Cisco We are all told that you should not use Telent for connecting to devices because it is unsecure and all clear text. Much better is to use SSH, but it can seem a bit of a challenge setting it all up and especially in a small n…
A Wildcard Certificate means all of your sub-domains will resolve to the same location, regardless of the non-SSL Document-Root specification. A user will need to purchase a wildcard SSL from a vendor or a reseller that supplies them. Similar to ha…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question