I have a puzzle I am not able to figure out, I would appreciate any help.
I am connected to a remote desktop using windows default remote desktop utility (Windows 8 locally, Windows 7 remotely).
The remote desktop is not in the same sub-network as my own.
Connection is made through default port 3389. Using Wireshark locally I can confirm the TCP connection being established and the data flow.
Running Wireshark in the remote desktop, I don`t see any flow of data between the two computers.
If I send a ICMP ping from the remote desktop to my computer, it works well and I can see it in Wireshark both remotely as well as locally. But if I send the ICMP ping from my computer to the remote desktop, it fails. I see it leaving my computer through Wireshark, but it never reaches the remote desktop (I don`t see it in Wireshark).
I don't think it is a firewall issue (specially since it can't explain why Wireshark won`t capture the port 3389 RPC flow).
Does anyone have any idea of what might be going on?
I found the main issue.
In Wireshark, turns out it is possible to configure the capture interface with a filter.
To change it, go to: Capture->Interfaces
On the interface being used, stop capturing to enable the Options, there it is possible to configure a capture filter.