0

I have a VB6 app that is constantly listening through TCP/IP using IPC. Microsoft Process Monitor is able to capture the port that its sending/receiving on without issue, but whenever I try to filter on these ports in wireshark, nothing shows up. Any idea why?

And yes, I know its off in the image. I was just too lazy to turn it back on and capture an image since I already screen captured it while off.

Capture Image

NOTE: Wireshark is bound to NIC. Netstat shows socket is established on the port listed in process monitor. NIC Netstat Proof wireshark is capturing packets (at least via terminal services). Wireshark Packets

Jake
  • 101
  • 2
  • I dunno. Wireshark not bound to the NIC? Application not sending or receiving any traffic? What does Netstat show? Any established connections for the ports in question? – joeqwerty Aug 24 '18 at 15:17
  • It could be possible that the application itself is failing before its sending packets. I'll have to dig into the code but that's probably the case. I'm assuming wireshark isn't showing anything because even though the sockets established, there might not be any packets being sent through it. – Jake Aug 24 '18 at 15:46
  • In outbound, Wireshark (winpcap) dont log if the firewall blocked the packet. winpcap is the last on the line to see the outbound packet. – yagmoth555 Aug 24 '18 at 16:05

0 Answers0