How do I find the application on my network that's dropping packets?

Learn how to use Wireshark to trace dropped packets being sent from a PC on your network or an external application/service and secure SMTP ports, from our expert Michael Gregg.

Michael Gregg, Superior Solutions, Inc.

Just had a fundamental doubt. In my network, the firewall is being sent packets to the SMTP port. I have blocked the port and am logging the dropped packets. I can see a certain PC which has been sending the packets. On network monitoring, we did not find the source port on the rouge PC. How do I find the application / service which is trying to send the packet to the firewall? Where should we run the packet filter tool?

When you capture these packets if you are using a tool such as Wireshark look at the look offset 0x23 and 0x24. This is the source port in a TCP header. In the middle frame of a packet capture it would look like this:

Click Image to enlarge screenshot.

In this example the source port is 2346. Source ports are typically chosen at random. If you have access to the system sending the traffic you can run a tool like fport or run netstat -an from the command line.

This was last published in September 2009

Dig Deeper on Network Security Monitoring and Analysis

Wireshark tutorial: How to use Wireshark to sniff network traffic Learn how to use the Wireshark packet analyzer to monitor network traffic, as well as how to use the Wireshark packet sniffer for network traffic analysis and inspection.

How hackers use idle scans in port scan attacks Hackers exploit port scan attacks to mask their identities before launching an attack. One of their favorites: the idle scan.

Avoid network traffic jams with Hyper-V Port Mirroring Worried about network performance in your multilayered virtual networking architecture? Microsoft is making network traffic monitoring easier with Hyper-V Port Mirroring.

Why TCP traffic spikes with source port zero should sound an alarm Are spikes in TCP traffic with source port zero warning signs that future attacks are imminent? Discover why enterprises should be concerned.

Using Wireshark: Reviewing four key Wireshark features Become familiar with four Wireshark features network security pros value in this packet-capturing analytics tool.

SDN security strategies for network attack prevention With a deeper level of visibility and granular control, SDN security strategies can better prevent a wide range of network attacks.

Related Q&A from Michael Gregg

Expert tips to solve port 3389 issues when end users gets blocked

Enterprise security expert, Michael Gregg answers a question regarding port 3389 issues when a user tries to open port 3389 RDP on their router to ... Continue Reading

Disadvantages to a layered approach

Security expert Michael Gregg discusses the disadvantages to a layered approach to enterprise security. Continue Reading

Network security with foreign network cards

Security expert Michael Gregg fields a question about unknown network cards gaining access to a user's network. Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Networking experts

View all Networking questions and answers

SearchUnifiedCommunications

CPaaS market evolves to meet changing business needs

Changing user needs are transforming the CPaaS market as vendors look to provide tools for nondevelopers and enhance ...

Zoom Chat update takes vendor further beyond video

The latest enhancements to Zoom Chat come as the video conferencing vendor pushes more aggressively into the cloud calling market.

Enhancing communications with a UC-contact center integration

The divide between contact centers and the rest of the business is shrinking. The demand for UC and contact center integrations ...

SearchMobileComputing

Compare Intune alternatives to Intune for mobility management

Intune stands out in the EMM market in part due to its incumbency as a PC management platform. IT must evaluate Intune compared ...

Deploy kiosk devices with the Managed Home Screen Android app

The Managed Home Screen app allows Microsoft Intune admins to deploy multi-app kiosk devices. IT should learn the two best ...

New Outlook features appeal to users on the go

At Ignite, Microsoft announced some improvements to its Office app and Outlook for iOS and Android. Learn about how it benefits ...

SearchDataCenter

Top 4 open source automation tools for admins

Open source offerings are an easy way to bring automation into your organization. When selecting software, evaluate the user ...

U.S. facility may have best data center PUE

The data center energy efficiency metric, power usage effectiveness, or PUE, is not improving. But one supercomputer data center ...

Increase efficiency with data center temperature monitoring

Data centers must track multiple temperature components. Organizations can use ASHRAE standards and on-premises hardware for ...

SearchITChannel

4 SD-WAN vendors integrate with AWS Transit Gateway

Aruba, Cisco, Citrix and Silver Peak are among the first SD-WAN vendors to integrate their products with the AWS Transit Gateway.

Intel partner marketplace to drive ecosystem collaboration

Intel aims to make partner-to-partner collaboration easier with the launch of its Solutions Marketplace; other IT channel news ...

Desktop-as-a-service combo targets channel via Ingram Micro

Citrix, IGEL and Ingram Micro are collaborating on a desktop-as-a-service offering, which could provide channel partners with a ...

How do I find the application on my network that's dropping packets?

Learn how to use Wireshark to trace dropped packets being sent from a PC on your network or an external application/service and secure SMTP ports, from our expert Michael Gregg.

Dig Deeper on Network Security Monitoring and Analysis

Related Q&A from Michael Gregg

Expert tips to solve port 3389 issues when end users gets blocked

Disadvantages to a layered approach

Network security with foreign network cards

Have a question for an expert?

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchUnifiedCommunications

CPaaS market evolves to meet changing business needs

Zoom Chat update takes vendor further beyond video

Enhancing communications with a UC-contact center integration

SearchMobileComputing

Compare Intune alternatives to Intune for mobility management

Deploy kiosk devices with the Managed Home Screen Android app

New Outlook features appeal to users on the go

SearchDataCenter

Top 4 open source automation tools for admins

U.S. facility may have best data center PUE

Increase efficiency with data center temperature monitoring

SearchITChannel

4 SD-WAN vendors integrate with AWS Transit Gateway

Intel partner marketplace to drive ecosystem collaboration

Desktop-as-a-service combo targets channel via Ingram Micro

Dig Deeper on Network Security Monitoring and Analysis

Related Q&A from Michael Gregg

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.