This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How is port name resolution done in Wireshark?

0

I want to know how port name resolution is done in Wireshark. Does it directly use well-known port numbers to match with the names, or are there any other methods used for this purpose while decoding the port numbers?

Thanks

asked 18 Jan '11, 23:05

berkey
31448
accept rate: 0%


One Answer:

1

Have a look at the file 'services' in your Wireshark installation.

# This is a local copy of the IANA port-numbers file.
#
# $Id: services 34645 2010-10-25 18:24:59Z morriss $
#
# Wireshark uses it to resolve port numbers into human readable
# service names, e.g. TCP port 80 -> http.
#
# It is subject to copyright and being used with IANA's permission:
# http://www.wireshark.org/lists/wireshark-dev/200708/msg00160.html
#
# The original file can be found at:
# http://www.iana.org/assignments/port-numbers
#

answered 18 Jan '11, 23:46

Jaap ♦
11.7k16101
accept rate: 14%

@Jaap, thanks for the answer, +1. Do you have any idea how the source and destination are identified if there is no SYN seen, let's say if my traces include partial ones...

(21 Jan '11, 13:39) berkey

Ports, and hence port number name resolution, aren't direction related. The concept of source and destination comes from their place in the protocol messages. For TCP, which you are referring to, it's the source port (tcp.srcport) and destination port (tcp.dstport).

(22 Jan '11, 01:27) Jaap ♦
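
The lookup described in the answer and the last comment, as an added example that is not part of the original posts and is not Wireshark's code: a table keyed on (port, protocol) is built from 'services'-style lines and applied to the source and destination port fields independently. The sample lines are constructed, the layout is assumed to be the usual `name port/protocol [aliases] # comment` form, and the function names and the "name (port)" output format are hypothetical.

```python
# Constructed sample in the usual "services" layout; not the real file.
SAMPLE_SERVICES = """\
# name          port/proto  aliases       # comment
http            80/tcp      www www-http  # World Wide Web HTTP
http            80/udp      www www-http
domain          53/tcp
domain          53/udp
https           443/tcp
"""

def load_services(text):
    """Build {(port, proto): name}; the first entry for a key wins."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue                              # blank or malformed line
        port_s, proto = fields[1].split("/", 1)
        if not port_s.isdecimal() or int(port_s) > 65535:
            continue                              # not a valid port number
        table.setdefault((int(port_s), proto.lower()), fields[0])
    return table

def resolve(table, port, proto):
    """Return 'name (port)' if the pair is listed, else the bare number."""
    name = table.get((port, proto))
    return f"{name} ({port})" if name else str(port)

def label_segment(table, srcport, dstport, proto="tcp"):
    """Resolve both port fields on their own; no SYN or direction is needed."""
    return resolve(table, srcport, proto), resolve(table, dstport, proto)

if __name__ == "__main__":
    table = load_services(SAMPLE_SERVICES)
    # Mid-stream segment sent by a server: the well-known port is the source.
    print(label_segment(table, 80, 51514))
    # The lookup uses the number only, so any traffic on 443/tcp is labelled
    # https whatever the payload is, and an unlisted pair stays numeric.
    print(label_segment(table, 51514, 443))
    print(resolve(table, 443, "udp"))
```

Because the name comes from the port number alone, a resolved name says which port is in use, not which protocol the payload actually carries.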