I'm having a devil of a time discovering an expression for displaying only packets which have come to from one particular port using any protocol. Any help?

asked 07 Dec '13, 11:12 JourneyJay
One Answer:
A port is generally associated with tcp or udp so Correction: As the user seems to really mean all protocols that have a notion of a "port", then the answer is not really. The Wireshark display filters refer to fields within a container (such as a protocol) so you would have to enumerate all possible containers that have a field corresponding to the notion of a port (and in some it may not be named as such). There is no "global" field named port such that all dissectors would match their internal notion of a port to the global one.

answered 07 Dec '13, 12:45 grahamb ♦ edited 08 Dec '13, 05:07
These aren't the only options.
Yes, there's also the SCTP port.
There are, however, many many many protocols that don't have "ports" in the sense of a TCP or UDP or SCTP port. If that's the sense in which you meant port, there obviously does not exist, and obviously cannot ever exist, "packets which have come to from one particular port using any protocol", as "any protocol" includes protocols that have no notion of a "port".
@JourneyJay: Could you please add more information? What are you trying to find with such a filter?
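The enumeration described in the answer and comments, as an added example that is not part of the original thread: it builds the Wireshark display filter from the per-protocol `tcp.port`, `udp.port` and `sctp.port` fields and applies the same logic to raw IPv4 packets, where a protocol without ports yields no match. The function names and the sample packets are constructed for illustration, and the input is assumed to be bare IPv4 with no link-layer header.

```python
import struct

# Transport protocols named in the thread that carry 16-bit source/destination
# ports, keyed by IPv4 protocol number, with the Wireshark field prefix.
PORT_PROTOCOLS = {6: "tcp", 17: "udp", 132: "sctp"}

def display_filter(port):
    """Build the enumerated Wireshark display filter for one port."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    return " || ".join(f"{name}.port == {port}" for name in PORT_PROTOCOLS.values())

def ports_of(ipv4_packet):
    """Return (proto_name, src_port, dst_port), or None if the packet has no ports."""
    if len(ipv4_packet) < 20 or ipv4_packet[0] >> 4 != 4:
        return None
    ihl = (ipv4_packet[0] & 0x0F) * 4
    frag = struct.unpack("!H", ipv4_packet[6:8])[0] & 0x1FFF
    name = PORT_PROTOCOLS.get(ipv4_packet[9])
    # Non-first fragments carry no transport header, so no ports either.
    if name is None or ihl < 20 or frag != 0 or len(ipv4_packet) < ihl + 4:
        return None
    src, dst = struct.unpack("!HH", ipv4_packet[ihl:ihl + 4])
    return name, src, dst

def matches_port(ipv4_packet, port):
    """Equivalent of the display filter: either direction, any listed protocol."""
    found = ports_of(ipv4_packet)
    return found is not None and port in found[1:]

def _ipv4(proto, payload):
    """Constructed sample packet: minimal IPv4 header (checksum left zero)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + payload

SAMPLES = {
    "tcp": _ipv4(6, struct.pack("!HH", 49152, 443) + bytes(16)),
    "udp": _ipv4(17, struct.pack("!HHHH", 53, 40000, 8, 0)),
    "sctp": _ipv4(132, struct.pack("!HH", 443, 5000) + bytes(8)),
    "icmp": _ipv4(1, bytes([8, 0, 0, 0, 0x01, 0xBB, 0, 1])),  # echo request, no ports
}

if __name__ == "__main__":
    print(display_filter(443))
    for label, pkt in SAMPLES.items():
        print(label, ports_of(pkt), matches_port(pkt, 443))
```

The ICMP sample carries the value 443 in its identifier field, yet it is not matched, because that field is not a port in that protocol.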