Today I was working on a Windows 2003 Terminal Server and noticed in Terminal Services Manager repeated connection attempts. To investigate this I need to capture the ip addresses. Wireshark is my tool of choice for this job (download free from http://www.wireshark.org/ )
To capture the ip addresses open Wireshark select capture, options from the menu. I only want traffic that is not local so I used this capture filter “not src net 192.168.5.0/24” and started the capture.
Now that I can see the ip addresses what now? In my case I blocked the network that contained the ip address for tcp port 3389 on a Cisco router.
Wireshark has many capture options see the wiki here; http://wiki.wireshark.org/CaptureFilters
Jul 11 2012
Capture Terminal Server ip address connection attempts
Today I was working on a Windows 2003 Terminal Server and noticed in Terminal Services Manager repeated connection attempts. To investigate this I need to capture the ip addresses. Wireshark is my tool of choice for this job (download free from http://www.wireshark.org/ )
To capture the ip addresses open Wireshark select capture, options from the menu. I only want traffic that is not local so I used this capture filter “not src net 192.168.5.0/24” and started the capture.
Now that I can see the ip addresses what now? In my case I blocked the network that contained the ip address for tcp port 3389 on a Cisco router.
Wireshark has many capture options see the wiki here; http://wiki.wireshark.org/CaptureFilters
By sysadmin • IT • 0