Q

How do I find the application on my network that's dropping packets?

Learn how to use Wireshark to trace dropped packets being sent from a PC on your network or an external application/service and secure SMTP ports, from our expert Michael Gregg.

Just had a fundamental doubt. In my network, the firewall is being sent packets to the SMTP port. I have blocked the port and am logging the dropped packets. I can see a certain PC which has been sending the packets. On network monitoring, we did not find the source port on the rouge PC. How do I find the application / service which is trying to send the packet to the firewall? Where should we run the packet filter tool?
When you capture these packets if you are using a tool such as Wireshark look at the look offset 0x23 and 0x24. This is the source port in a TCP header. In the middle frame of a packet capture it would look like this:

Middle frame of a packet capture
Click Image to enlarge screenshot.

In this example the source port is 2346. Source ports are typically chosen at random. If you have access to the system sending the traffic you can run a tool like fport or run netstat -an from the command line.

This was first published in September 2009
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSDN

SearchEnterpriseWAN

SearchUnifiedCommunications

SearchMobileComputing

SearchDataCenter

SearchITChannel

Close