This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Finding services in Wireshark?

0

Hi all,

I'm a Wireshark beginner and I have a question about it:

How does one go about finding services in Wireshark, specifically, the question is asking 'What services are running in the network capture?'

Would this relate to the application layer and services that run within it? Any help would be greatly appreciated.

Lambert

asked 12 Feb '13, 07:00


Lambert84
accept rate: 0%


One Answer:

0

'What services are running in the network capture?'

'services' is not the right term in the case of Wireshark. What you see in Wireshark is (mostly) TCP and UDP conversations. Some TCP/UDP ports (mail:25, http:80, ssh:22, etc.) are tied to 'services' (by convention). So, you need to know what TCP/UDP port your service/application is using and then you can filter for that.

You get a brief overview of protocols/ports/services by this:

Statistics -> Protocol Hierarchy

If you need a more detailed view, you need to actually look at packets and filter for whatever you need.

If you need just an overview of what is going on in your network, a network forensic tool may be better suited for you (e.g. Network Miner, Xplico or similar).

Regards
Kurt

answered 12 Feb '13, 07:22


Kurt Knochner ♦
accept rate: 15%
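
The port-to-service convention described in the answer above, as an added example (not part of the original post and not Wireshark code): a reader for classic pcap files with Ethernet/IPv4 frames that reports which ports answered a TCP handshake or carried UDP traffic. The `WELL_KNOWN` table, the function names and the sample capture are assumptions constructed for illustration; pcapng files are not handled.

```python
import struct
from collections import Counter
# Port-to-name conventions: the three ports named in the answer, plus DNS (assumed).
WELL_KNOWN = {22: "ssh", 25: "smtp", 53: "dns", 80: "http"}

def services_in_pcap(data):
    """Count server-side (proto, port, conventional name) in a classic Ethernet/IPv4 pcap."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None:
        raise ValueError("not a classic pcap file")
    found, off = Counter(), 24                      # 24-byte global header
    while off + 16 <= len(data):
        caplen = struct.unpack_from(order + "I", data, off + 8)[0]
        pkt = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue                                # not IPv4 over Ethernet
        l4 = pkt[14 + (pkt[14] & 0x0F) * 4:]        # skip the IP header (IHL words)
        if len(l4) < 8:
            continue
        sport, dport = struct.unpack_from("!HH", l4)
        if pkt[23] == 6 and len(l4) >= 14 and (l4[13] & 0x12) == 0x12:
            # SYN+ACK: the sender accepted a connection, so its source port is listening.
            key = ("tcp", sport)
        elif pkt[23] == 17:
            # UDP has no handshake; treating the lower port as the server is a heuristic.
            key = ("udp", min(sport, dport))
        else:
            continue
        found[key + (WELL_KNOWN.get(key[1], "unknown"),)] += 1
    return found

def _record(proto, sport, dport, flags=0):
    """Constructed pcap record: Ethernet + IPv4 + TCP/UDP header, checksums left at zero."""
    l4 = (struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
          if proto == 6 else struct.pack("!HHHH", sport, dport, 8, 0))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    pkt = b"\x00" * 12 + b"\x08\x00" + ip + l4
    return struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt

# Constructed sample capture (not real traffic).
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _record(6, 50000, 80, 0x02)    # SYN to port 80: client side, not counted
          + _record(6, 80, 50000, 0x12)    # SYN+ACK from port 80
          + _record(6, 2222, 50001, 0x12)  # SYN+ACK from a port with no conventional name
          + _record(17, 40000, 53))        # UDP datagram to port 53

if __name__ == "__main__":
    print(dict(services_in_pcap(SAMPLE)))
```

A port reported as "unknown" still has something listening on it; the name is only the convention, so the packets themselves decide what the application really is.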