Hi all, I'm a Wireshark beginner and I have a question about it: How does one go about finding services in Wireshark? Specifically, the question is asking 'What services are running in the network capture?' Would this relate to the application layer and services that run within it? Any help would be greatly appreciated. Lambert

asked 12 Feb '13, 07:00 Lambert84
One Answer:
'Services' is not the right term in the case of Wireshark. What you see in Wireshark is (mostly) TCP and UDP conversations. Some TCP/UDP ports (mail:25, http:80, ssh:22, etc.) are tied to 'services' (by convention). So, you need to know what TCP/UDP port your service/application is using and then you can filter for that. You get a brief overview of protocols/ports/services by this:
If you need a more detailed view, you need to actually look at packets and filter for whatever you need. If you need just an overview of what is going on in your network, a network forensic tool may be better suited for you (e.g. Network Miner, Xplico or similar).

Regards

answered 12 Feb '13, 07:22 Kurt Knochner
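The port-to-service convention described in the answer, as an added example that is not part of the original answer: it tallies the TCP/UDP ports seen in a classic pcap file and labels them by convention. The capture is constructed inline, and the function names and the `WELL_KNOWN` table (the three ports the answer lists plus DNS) are assumptions made for this illustration.

```python
import struct
from collections import Counter

# Conventional port-to-service names (the three from the answer, plus DNS).
WELL_KNOWN = {22: "ssh", 25: "smtp", 53: "dns", 80: "http"}

def build_frame(proto, sport, dport):
    """Constructed sample: minimal Ethernet/IPv4 frame with a TCP or UDP header."""
    l4 = (struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
          if proto == 6 else struct.pack("!HHHH", sport, dport, 8, 0))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 1]))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def build_pcap(frames):
    """Classic little-endian pcap file, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def services(pcap):
    """Count packets per (transport, port, conventional service name)."""
    seen, off = Counter(), 24          # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                   # not IPv4 over Ethernet
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        if proto not in (6, 17) or len(frame) < 14 + ihl + 4:
            continue                   # neither TCP nor UDP, or truncated
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        # Heuristic: the lower-numbered port is usually the server side.
        port = min(sport, dport)
        seen[("tcp" if proto == 6 else "udp", port, WELL_KNOWN.get(port, "unknown"))] += 1
    return seen

SAMPLE = build_pcap([build_frame(6, 49152, 80), build_frame(6, 80, 49152),
                     build_frame(6, 49153, 22), build_frame(17, 50000, 53),
                     build_frame(6, 49154, 8443)])

if __name__ == "__main__":
    for (l4, port, name), n in sorted(services(SAMPLE).items()):
        print(f"{l4}/{port:<5} {name:<8} {n} packet(s)")
```

A port that is not in the table comes back as "unknown", and a known port number only suggests a service by convention; confirming it means looking at the packets themselves.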