

In my last two posts on this subject, I covered some of the basics and tools used to perform packet captures, highlighting the well-known Wireshark software. In this installment, I'm going to show how I used Wireshark packet captures to solve a real network problem.

The Problem

I use an HP 7300 All-in-One Network Printer/Fax/Scanner on my LAN. I have several Windows XP PCs that work with the HP without issue, but my Windows Vista laptop consistently has problems recognizing and being recognized by the HP. To restore connectivity from my Vista laptop to the HP, I've had to re-install HP's All-in-One network software numerous times, which is both time consuming and a nuisance.

I could have just chalked this issue up as another Vista frustration. But I decided to dive into the problem, instead. Knowing that Vista claims to have greater levels of security than XP, I suspected the firewall as a possible cause of my problem, and decided to use Wireshark to explore this theory.

The Solution

To start, I disabled the Vista firewall to allow for unrestricted packet flow between my PC and the HP. With the firewall disabled, I re-installed the HP software to restore connectivity between my laptop and the HP.

I had previously configured the HP with a static IP address of 192.168.3.112, so my next step was to start Wireshark with a filter configured to capture all packets to and from host 192.168.3.112, using the steps discussed in my previous packet capture blog.

Right away, I had some indication that I was on the right path! I noticed the Wireshark output showing packets being sent between my PC and the HP using several protocols that could easily be blocked by a firewall. I noticed traffic using the SNMP protocol, as well as two other protocols, SRVLOC and NBNS. After running the packet capture for a couple of minutes, I clicked Capture-Stop, and then File-Save to store the results to a file.

As you can see from the three figures below, SNMP, SRVLOC (Service Location Protocol) and NBNS (NetBIOS Name Service) packets are being exchanged between my PC (192.168.3.152) and the HP (192.168.3.112).


Figure 1: SNMP packets

Closer examination of the packets shows that the SNMP packets are using UDP port 161, the SRVLOC packets are using UDP port 427, and the NBNS packets are using UDP port 137. In the figures, I've circled the output that indicates the use of UDP and put an arrow showing where the port number is displayed.
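The same port inventory can be pulled from the saved capture file programmatically instead of read off the screen. The following is an added example, not part of the original article: it assumes the capture was saved in classic little-endian pcap format with Ethernet framing, and the helper names and sample packets are constructed for illustration.

```python
import struct
from collections import Counter

PRINTER, PC = "192.168.3.112", "192.168.3.152"   # addresses from the article

def udp_frame(src, dst, sport, dport, payload=b"x"):
    """Build a minimal Ethernet/IPv4/UDP frame (constructed sample data)."""
    addrs = [bytes(map(int, a.split("."))) for a in (src, dst)]
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0, *addrs)
    return b"\x00" * 12 + b"\x08\x00" + iph + udp

def pcap(frames):
    """Wrap frames in a classic little-endian pcap file, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def udp_ports_for_host(data, host):
    """Count UDP ports below 1024 in packets to or from host.

    The <1024 cut-off is a heuristic (an assumption of this example) that keeps
    the service port and drops the client's ephemeral port.
    """
    ports, off = Counter(), 24                   # skip the 24-byte file header
    while off + 16 <= len(data):
        incl = struct.unpack_from("<I", data, off + 8)[0]   # captured length
        frame, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                             # keep only IPv4 carrying UDP
        ihl = (frame[14] & 0x0F) * 4             # IPv4 header length in bytes
        if len(frame) < 14 + ihl + 4:
            continue                             # truncated capture
        src, dst = (".".join(map(str, frame[o:o + 4])) for o in (26, 30))
        if host in (src, dst):
            sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
            ports.update(p for p in {sport, dport} if p < 1024)
    return ports

SAMPLE = pcap([                                  # constructed capture
    udp_frame(PC, PRINTER, 49152, 161),          # SNMP request
    udp_frame(PRINTER, PC, 161, 49152),          # SNMP response
    udp_frame(PC, PRINTER, 49153, 427),          # SRVLOC
    udp_frame(PC, PRINTER, 137, 137),            # NBNS
    udp_frame("192.168.3.10", "192.168.3.255", 138, 138),  # unrelated host
])

if __name__ == "__main__":
    for port, count in sorted(udp_ports_for_host(SAMPLE, PRINTER).items()):
        print(f"UDP {port}: {count} packet(s)")
```

To run it against a real capture, pass the bytes of the saved file to `udp_ports_for_host` in place of `SAMPLE`.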


Figure 2: SRVLOC packets

Armed with this data identifying specific ports used for network connectivity between my PC and the HP, I was now able to apply specific configurations to resolve the issue.


Figure 3: NBNS packets

I re-enabled the firewall, and configured exceptions to allow for passing traffic on these ports. Windows' firewall has the ability to define a "Scope" for each exception, which means you can open firewall ports only for specific IP ranges.

As illustrated in Figure 4, I used this feature to open SRVLOC (UDP port 427) traffic only when my PC is on my LAN (192.168.3.0/24). I then repeated the process for both SNMP and NBNS.


Figure 4: Setting Windows Firewall Exceptions

Opening a port in a firewall can mean the port is open on every network the PC connects to, which makes opening ports a significant security risk. The "Scope" feature means I'm only opening the port for traffic on my own LAN, where I have greater confidence in the security than I do in a public location such as a hotel or airport.

Conclusion

With detailed information provided using packet capture software, I was able to apply a specific network security configuration to resolve a problem affecting the use of one of my network devices. More importantly, since applying this fix, the connectivity between my laptop and the HP All-in-One has been stable and reliable!

I hope this little series on Packet Captures and Wireshark has been useful. If you have a tip, question, or idea on using packet captures and/or Wireshark, please feel free to post a comment. I'd love to hear your suggestions and success stories!
