My ip.src filter doesn't seem to be working correctly It looks to be backwards. Or am I looking at the data flow backwards its suppose to be flowing from 10.38.14.55 to 10.38.1.200.
I think it's the tcp.srcport == 1911 element of your filter that's the issue, it's restricting traffic to the flow from that port. To see the traffic going in the other direction you'd have to either or tcp.srcport == 61140 to see both srcports, or change the port filter to tcp.port == 1911 to see any packet that uses that port either as source or destination.
Try this display filter:
ip.src==10.38.14.55 && tcp.srcport==1911
The /20 in your display filter is causing both the 10.38.14.55 and 10.38.1.200 since both of these IP addresses are part of the 10.38.0.0/20 network (10.38.0.0 to 10.38.15.255)
That worked thanks!. Still confused is to why it shows the destination as 10.38.14.55 because I am sending information out from that address and I have port 1911 blocked so 10.38.1.200 shouldn't be able to send data to 10.38.14.55. I am running wireshark on 10.38.14.55 computer. Am I just confusing what the source and destination really is I am think from is source and to is destination.
Which answer helped! Your "answer" should be moved as a comment under the appropriate one.
Comments