Hi there, I'm completely new to Wireshark and I would like to know the correct way to determine all of the protocols that are used on the network in a specific capture. Please can someone help me?
asked 24 Apr '13, 06:23 harry82
2 Answers:
the best way:
Regards
answered 24 Apr '13, 06:51 Kurt Knochner ♦
Another way (if you're more command-line oriented) is to use "tshark -T fields -eframe.protocols -nr filename.pcap" and then do some work to sort and unique the output. There's even a simple script in the Wireshark source code distribution (tools/list_protos_in_cap.sh) that does this for you. Basically what it does (after error checking, etc.) is:
(Note that this is using the *NIX utilities 'tr' and 'sort' which probably don't exist on Windows unless you have Cygwin installed.)
answered 24 Apr '13, 07:19 JeffMorriss ♦
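An added example, not part of the answer above and not the list_protos_in_cap.sh script from the Wireshark sources: one way to post-process the frame.protocols output of the tshark command quoted in the answer. The function names and the sample lines are constructed for illustration; it assumes that payload no dissector claimed shows up as a final "data" layer, which is where unrecognised protocols end up.

```shell
#!/bin/sh
# Summarise tshark's frame.protocols field (one colon-separated stack per frame).
# Real use, with the command from the answer above:
#   tshark -T fields -e frame.protocols -nr filename.pcap | protos_per_frame
LC_ALL=C; export LC_ALL   # stable sort order

# Constructed sample input, standing in for tshark output.
sample_frames() {
    cat <<'EOF'
eth:ethertype:ip:tcp
eth:ethertype:ip:tcp:http
eth:ethertype:ip:udp:dns
eth:ethertype:ip:gre:ip:tcp:data
eth:ethertype:ip:tcp:data
eth:ethertype:arp
eth:ethertype:ip:tcp:data
EOF
}

# For each protocol, print "<frames> <protocol>", most frequent first.
# A protocol repeated inside one frame (tunnelled ip) is counted once.
protos_per_frame() {
    awk -F: '
        NF == 0 { next }                      # skip empty lines
        {
            split("", seen)                   # portable way to clear an array
            for (i = 1; i <= NF; i++)
                if ($i != "" && !($i in seen)) { seen[$i] = 1; count[$i]++ }
        }
        END { for (p in count) printf "%d %s\n", count[p], p }
    ' | sort -k1,1nr -k2,2
}

# Print "<frames> <stack>" for stacks whose last layer is "data":
# traffic worth a manual look or a "Decode As" rule.
undissected_stacks() {
    awk -F: '$NF == "data" { n[$0]++ }
             END { for (s in n) printf "%d %s\n", n[s], s }' |
        sort -k1,1nr -k2,2
}

echo "frames per protocol:";   sample_frames | protos_per_frame
echo "stacks ending in data:"; sample_frames | undissected_stacks
```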
One should add that the Protocol Hierarchy only shows what Wireshark has been able to determine. So if there is a protocol that Wireshark doesn't know or which runs on a port it doesn't recognize, it will not appear in the statistics.
Thank you all for your time, it is most appreciated
H