Using Wireshark to Troubleshoot
Wireshark is a graphical packet capture and display program. Wireshark can be used to collect packets from a network and display their contents for troubleshooting. It was formerly called "Ethereal", and is available as no-cost open-source software. It operates on Windows, MacOS X, and various flavors of Unix and Linux.
It is straightforward to use Wireshark to determine whether NetFlow packets are arriving at the InterMapper Flows computer.
The basic technique is to filter on packets sent to port 2055 (the default NetFlow port) or whatever port you have designated. To do this:
1. Be sure to remove any firewall restriction on port 2055.
2. Download and install Wireshark.
3. Start Wireshark, and capture packets. Use the Capture > Options... (Ctrl-K) command, select an interface, and use one of these choices:
   - Capture packets whose destination is port 2055. Using the graphic as a guide, configure the Capture Filter (e.g., port 2055 in this graphic).
   - OR leave the Capture Filter blank (this will capture more packets), then use the Filter in the main window to show only port 2055 packets (e.g., udp.dstport == 2055 in this graphic).
If you see packets in the window (e.g., the numbered entries shown above), then you know that packets are arriving, and should be received by InterMapper Flows.
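The same check can be run on a saved capture without the GUI. The following is an added example, not part of the original InterMapper documentation: it reads a classic pcap file, applies the destination-port-2055 test, and reports which source addresses sent packets and which NetFlow version each datagram carries. It goes one step past the filter above by reading the first two bytes of the UDP payload, which hold the version number in NetFlow v5, v9 and IPFIX; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

NETFLOW_PORT = 2055  # default named on this page; use the port you designated

def netflow_arrivals(pcap_bytes, port=NETFLOW_PORT):
    """Count UDP datagrams sent to `port`, keyed by (source IP, NetFlow version)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None or struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    seen, pos = Counter(), 24                      # 24-byte global header
    while pos + 16 <= len(pcap_bytes):             # 16-byte per-packet header
        incl_len = struct.unpack(endian + "I", pcap_bytes[pos + 8:pos + 12])[0]
        frame = pcap_bytes[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                               # not untagged IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4                   # IPv4 header length in bytes
        if ip[9] != 17 or len(ip) < ihl + 10:
            continue                               # not UDP, or too short for a version
        if struct.unpack("!H", ip[ihl + 2:ihl + 4])[0] != port:
            continue                               # same test as udp.dstport == 2055
        version = struct.unpack("!H", ip[ihl + 8:ihl + 10])[0]
        seen[(".".join(map(str, ip[12:16])), version)] += 1
    return dict(seen)

def _frame(src, dport, payload):
    """Constructed Ethernet/IPv4/UDP frame; checksums are left at zero."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(src), bytes([192, 0, 2, 10]))
    return b"\x00" * 12 + b"\x08\x00" + ip + udp

def sample_pcap():
    """Constructed capture: two NetFlow v5 exports, one v9, one unrelated DNS packet."""
    v5 = struct.pack("!HH", 5, 1) + b"\x00" * 68   # version, count, rest zeroed
    v9 = struct.pack("!HH", 9, 1) + b"\x00" * 16
    frames = [_frame([198, 51, 100, 1], 2055, v5), _frame([198, 51, 100, 1], 2055, v5),
              _frame([198, 51, 100, 2], 2055, v9), _frame([198, 51, 100, 3], 53, b"\x00" * 12)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for (src, ver), n in sorted(netflow_arrivals(sample_pcap()).items()):
        print(f"{src} sent {n} datagram(s) to port {NETFLOW_PORT}, NetFlow version {ver}")
```

To use it on a real capture, save the capture from Wireshark in pcap (not pcapng) format and pass the file's bytes to netflow_arrivals. An empty result means no UDP packets addressed to that port were in the capture.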