I'm completely new to Wireshark and I would like to know the correct way to determine all of the protocols that are used on the network in a specific capture. Please can someone help me?
asked 24 Apr '13, 06:23
the best way:
answered 24 Apr '13, 06:51
Kurt Knochner ♦
Another way (if you're more command-line oriented) is to use "tshark -T fields -eframe.protocols -nr filename.pcap" and then do some work to sort and unique the output. There's even a simple script in the Wireshark source code distribution (tools/list_protos_in_cap.sh) that does this for you. Basically what it does (after error checking, etc.) is:
(Note that this is using the *NIX utilities 'tr' and 'sort' which probably don't exist on Windows unless you have Cygwin installed.)
answered 24 Apr '13, 07:19
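
The command-line approach from the answer above, as an added example (it is not part of the original answer and not the script shipped in the Wireshark source tree). It goes one step further than a unique list by counting the frames each protocol appears in; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: protocol inventory from tshark's frame.protocols field.
# Function names and the sample data are constructed for illustration.

# stdin: one frame.protocols value per line, e.g. "eth:ethertype:ip:tcp".
# stdout: every protocol name seen, one per line, sorted and de-duplicated.
list_protocols() {
    tr ':' '\n' | sed '/^$/d' | LC_ALL=C sort -u
}

# stdout: "<frames> <protocol>", most common first. A protocol that occurs
# twice in one frame (the tunnelled ip-in-gre case) counts that frame once.
count_protocols() {
    awk -F: '{
        split("", seen)                      # reset the per-frame set
        for (i = 1; i <= NF; i++)
            if ($i != "" && !($i in seen)) { seen[$i] = 1; frames[$i]++ }
    }
    END { for (p in frames) printf "%d %s\n", frames[p], p }' |
        LC_ALL=C sort -k1,1nr -k2,2
}

# Run tshark on a capture file with the options quoted in the answer.
protocols_in_capture() {
    tshark -n -r "$1" -T fields -e frame.protocols | count_protocols
}

# Constructed sample of frame.protocols output (not from a real capture).
sample_frames() {
    cat <<'EOF'
eth:ethertype:ip:tcp
eth:ethertype:ip:tcp:http
eth:ethertype:ip:udp:dns
eth:ethertype:arp
eth:ethertype:ip:tcp:tls
eth:ethertype:ip:gre:ip:icmp
EOF
}

# With a capture file argument, analyse it; otherwise show the sample.
if [ -n "${1:-}" ]; then
    protocols_in_capture "$1"
else
    sample_frames | count_protocols
fi
```

Protocols with a very low frame count are usually the first ones worth a closer look when checking a capture for traffic that should not be on the network.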