In my last two posts on this subject, I've covered some of the basics and tools used to perform packet captures, highlighting the well-known software from Wireshark. In this installment, I'm going to show how I used Wireshark packet captures to solve a real network problem.

The Problem

I use an HP 7300 All-in-One Network Printer/Fax/Scanner on my LAN. I have several Windows XP PCs that work with the HP without issue, but my Windows Vista laptop consistently has problems recognizing and being recognized by the HP. To restore connectivity from my Vista laptop to the HP, I've had to re-install HP's All-in-One network software numerous times, which is both time consuming and a nuisance.

I could have just chalked this issue up as another Vista frustration. But I decided to dive into the problem, instead. Knowing that Vista claims to have greater levels of security than XP, I suspected the firewall as a possible cause of my problem, and decided to use Wireshark to explore this theory.

The Solution

To start, I disabled the Vista firewall to allow for unrestricted packet flow between my PC and the HP. With the firewall disabled, I re-installed the HP software to restore connectivity between my laptop and the HP.

Previously, I configured the HP with a static IP =, so my next step was to start Wireshark with a filter configured to capture all packets to and from host, using the steps discussed in my previous packet capture blog.

Right away, I had some indication that I was on the right path! I noticed the Wireshark output showing packets being sent between my PC and the HP using several protocols that could easily be blocked by a firewall. I noticed traffic using the SNMP protocol, as well as two other protocols, SRVLOC and NBNS. After running the packet capture for a couple minutes, I clicked Capture-Stop, and then File-Save to store the results to a file.

As you can see from the three figures below, SNMP, SRVLOC (Service Location Protocol) and NBNS (NetBIOS Naming Service) packets are being exchanged between my PC ( and the HP (

Figure 1: SNMP packets

Closer examination of the packets shows that the SNMP packets are using UDP port 161, the SRVLOC packets are using UDP port 427, and the NBNS packets are using UDP port 137. In the figures, I've circled the output that indicates the use of UDP and put an arrow showing where the port number is displayed.

Figure 2: SRVLOC packets

Armed with this data identifying specific ports used for network connectivity between my PC and the HP, I was now able to apply specific configurations to resolve the issue.

Figure 3: NBNS packets

I re-enabled the firewall, and configured exceptions to allow for passing traffic on these ports. Windows' firewall has the ability to define a "Scope" for each exception, which means you can open firewall ports only for specific IP ranges.

As illustrated in Figure 4, I used this feature to open SRVLOC (UDP port 427) traffic only when my PC is on my LAN ( I then repeated the process for both SNMP and NBNS.

Figure 4: Setting Windows Firewall Exceptions

Opening a port in a firewall can mean the port is open on all networks, making opening ports a significant security risk. The "Scope" feature means I'm only opening the port for traffic on my own LAN, where I have greater confidence in the security than I do in a public location such as a hotel or airport.
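The same scoped exceptions can be created from the command line. This is an added example, not part of the original article: it assumes an elevated PowerShell prompt on Vista or later, inbound rules on the three UDP ports identified in the capture, and rule names that are hypothetical labels chosen here.

```powershell
# Added example: scoped inbound exceptions for the three UDP ports seen in the capture.
# Rule names are hypothetical; run from an elevated prompt.
$exceptions = @(
    @{ Name = 'HP-AiO-SNMP';   Port = 161 },
    @{ Name = 'HP-AiO-SRVLOC'; Port = 427 },
    @{ Name = 'HP-AiO-NBNS';   Port = 137 }
)

foreach ($e in $exceptions) {
    $name = $e.Name
    $port = $e.Port

    # Remove any earlier copy so re-running the script does not stack duplicate rules.
    netsh advfirewall firewall delete rule "name=$name" | Out-Null

    # remoteip=localsubnet is the command-line equivalent of the "Scope" setting:
    # only hosts on the subnet the PC is currently attached to match the rule.
    # Leaving remoteip out defaults to "any", which opens the port on every
    # network the laptop joins.
    netsh advfirewall firewall add rule "name=$name" dir=in action=allow `
        protocol=UDP "localport=$port" remoteip=localsubnet | Out-Null

    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not create rule $name (is the prompt elevated?)"
        continue
    }

    # Print the stored rule so the RemoteIP and LocalPort values can be checked.
    netsh advfirewall firewall show rule "name=$name" verbose
}
```

In the `show rule` output, confirm that `RemoteIP` reads `LocalSubnet` rather than `Any` before relying on the rule away from home.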


With detailed information provided using packet capture software, I was able to apply a specific network security configuration to resolve a problem affecting the use of one of my network devices. More importantly, since applying this fix, the connectivity between my laptop and the HP All-in-One has been stable and reliable!

I hope this little series on Packet Captures and Wireshark has been useful. If you have a tip, question, or idea on using packet captures and/or Wireshark, please feel free to post a comment. I'd love to hear your suggestions and success stories!
