how can we find out server ip address from the pcap file using wireshark ??? can we create specific filter columns (like protocol, source, destination... etc..) in the packets pane???? pls let me knew asked 05 May '13, 18:24 ark |
2 Answers:
The server is usually the IP the TCP SYN packets are sent to, while the source of the SYN packets in the client. So you could filter on the SYN packets using "tcp.flags==2" and see which IPs are targeted. You can add almost any column you like; either by editing them in the preferences, or by selecting a field in the decode and use the popup menu to "apply as column". The same works if you want to filter on something - select the field in the decode and use the popup menu to "apply as filter". answered 06 May '13, 02:11 Jasper ♦♦ |
One way is to click Statistics>Conversations This will open a new window and you can click ipv4 or tcp option to check out the Destination IP/src IP/src port/dst port(4 tuple) Yes,You can create display filters for protocol,source,destination etc.There is a filter tab in Filter tool bar to play with lot of options. answered 05 May '13, 19:00 krishnayeddula edited 05 May '13, 19:28 |