This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to read/search Wireshark logs for ports

Hello,

I'm trying to search for a specific product and/or port in a Wireshark log that I pulled. I tried to use the filter system, but typing the port didn't result in a search; instead I got an error: "6502" isn't a valid display filter: "6502" is neither a field nor a protocol name.

Is there a way to search for key words or ports? Really need your help, please.

asked 19 Nov '13, 13:59

xxx4reggie


One Answer:

If the protocol uses TCP, then try tcp.port eq 6502; if it uses UDP, then try udp.port eq 6502.

For more information on display filter syntax, refer to the Wireshark User Guide.

answered 19 Nov '13, 14:31

cmaynard ♦♦

Oh wow! That helps significantly! Thank you so much, life saver!!

Another question, is it possible to do a search via name? (I'm also checking the Guide that you posted but just in case you have this info:) )

(19 Nov '13, 15:16) xxx4reggie

If you mean something like this:

tcp.port eq http

then the answer is: No

Although in the case of 6502 this filter would be nice

tcp.port eq c64

almost!! ;-))

(19 Nov '13, 15:31) Kurt Knochner ♦

No, c64 would actually be a match for 6510.

(20 Nov '13, 02:25) grahamb ♦

I know. That's why I said: almost!! ;-))

(20 Nov '13, 03:13) Kurt Knochner ♦
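
What the answer's filters select, shown as an added example that is not part of the original thread: tcp.port matches a packet when either its source or its destination TCP port equals the value, and udp.port does the same for UDP. The frames below are constructed sample data, and the helper names (build_frame, ports, matches, filter_capture) are hypothetical.

```python
import struct

def build_frame(proto, sport, dport):
    """Construct a minimal Ethernet/IPv4 frame with a TCP (6) or UDP (17) header."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    rest = b"\x00" * 16 if proto == 6 else struct.pack("!HH", 8, 0)
    l4 = struct.pack("!HH", sport, dport) + rest
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + l4

def ports(frame):
    """Return (proto_name, srcport, dstport), or None if not IPv4 TCP/UDP."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ihl = (frame[14] & 0x0F) * 4           # IPv4 header length in bytes
    proto = {6: "tcp", 17: "udp"}.get(frame[23])
    l4 = 14 + ihl                          # start of the transport header
    if proto is None or ihl < 20 or len(frame) < l4 + 4:
        return None
    if struct.unpack("!H", frame[20:22])[0] & 0x1FFF:
        return None                        # later fragment: no port fields present
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    return proto, sport, dport

def matches(frame, proto, port):
    """Emulate '<proto>.port eq <port>': source OR destination port equals port."""
    p = ports(frame)
    return p is not None and p[0] == proto and port in p[1:]

# Constructed sample capture (frame numbers start at 1, as in the packet list).
CAPTURE = [
    build_frame(6, 49152, 6502),    # TCP, client to port 6502
    build_frame(6, 6502, 49152),    # TCP, reply from port 6502
    build_frame(17, 53000, 6502),   # UDP, same port number
    build_frame(6, 49153, 443),     # unrelated TCP traffic
]

def filter_capture(proto, port):
    """Return the frame numbers that the filter would display."""
    return [n for n, f in enumerate(CAPTURE, 1) if matches(f, proto, port)]

if __name__ == "__main__":
    print("tcp.port eq 6502 ->", filter_capture("tcp", 6502))
    print("udp.port eq 6502 ->", filter_capture("udp", 6502))
```

Both directions of the TCP conversation are selected by tcp.port eq 6502, while the UDP frame on the same port number appears only under udp.port eq 6502.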