This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Expression: Display all data coming in AND out of port A on ALL protocols

0

I'm having a devil of a time discovering an expression for displaying only packets which have come to from one particular port using any protocol. Any help?

asked 07 Dec '13, 11:12

JourneyJay
11224
accept rate: 0%


One Answer:

0

A port is generally associated with TCP or UDP, so: tcp.port == xxx || udp.port == xxx

Correction:

As the user seems to really mean all protocols that have a notion of a "port", then the answer is not really. The Wireshark display filters refer to fields within a container (such as a protocol) so you would have to enumerate all possible containers that have a field corresponding to the notion of a port (and in some it may not be named as such). There is no "global" field named port such that all dissectors would match their internal notion of a port to the global one.

answered 07 Dec '13, 12:45

grahamb ♦
19.8k330206
accept rate: 22%

edited 08 Dec '13, 05:07

These aren't the only options.

(07 Dec '13, 17:17) JourneyJay

Yes, there's also the SCTP port.

There are, however, many many many protocols that don't have "ports" in the sense of a TCP or UDP or SCTP port. If that's the sense in which you meant port, there obviously does not exist, and obviously cannot ever exist, "packets which have come to from one particular port using any protocol", as "any protocol" includes protocols that have no notion of a "port".

(07 Dec '13, 18:09) Guy Harris ♦♦

@JourneyJay: Could you please add more information? What are you trying to find with such a filter?

(08 Dec '13, 10:13) Kurt Knochner ♦
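
To illustrate the point made in the answer and comments above, here is an added example (not part of the original thread and not Wireshark code) that reads ports only from the TCP, UDP and SCTP headers of IPv4 packets and returns nothing for protocols that have no port. The helper names and the sample packets are constructed for this illustration.

```python
import struct

# IP protocol numbers whose transport header starts with 16-bit source and
# destination ports. Wireshark exposes these as tcp.port, udp.port, sctp.port.
PORT_PROTOS = {6: "tcp", 17: "udp", 132: "sctp"}

def ports_of(ip_packet: bytes):
    """Return (proto, src_port, dst_port) for an IPv4 packet, or None when the
    packet carries no port fields that can be read."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None
    ihl = (ip_packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    name = PORT_PROTOS.get(ip_packet[9])     # byte 9 is the protocol number
    if name is None or ihl < 20 or len(ip_packet) < ihl + 4:
        return None                          # e.g. ICMP: no notion of a port
    if struct.unpack("!H", ip_packet[6:8])[0] & 0x1FFF:
        return None                          # later fragment: no transport header
    src, dst = struct.unpack("!HH", ip_packet[ihl:ihl + 4])
    return name, src, dst

def matches_port(ip_packet: bytes, port: int) -> bool:
    """True when the port appears as source or destination (in or out)."""
    info = ports_of(ip_packet)
    return info is not None and port in info[1:]

def display_filter(port: int) -> str:
    """Enumerate each container that has a port field, as the answer describes."""
    return " || ".join(f"{name}.port == {port}" for name in PORT_PROTOS.values())

def ipv4(proto: int, payload: bytes, frag: int = 0) -> bytes:
    """Build a constructed IPv4 packet (checksum left at 0) for the samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload

# Constructed sample packets, not taken from a real capture.
SAMPLES = {
    "tcp": ipv4(6, struct.pack("!HH", 51000, 443) + bytes(16)),
    "udp": ipv4(17, struct.pack("!HHHH", 443, 51000, 8, 0)),
    "sctp": ipv4(132, struct.pack("!HH", 443, 3868) + bytes(8)),
    "icmp": ipv4(1, bytes([8, 0, 0, 0, 0x01, 0xBB, 0, 1])),  # echo, id 443
    "udp_fragment": ipv4(17, struct.pack("!HH", 443, 443), frag=5),
}

if __name__ == "__main__":
    print(display_filter(443))
    for label, pkt in SAMPLES.items():
        print(label, ports_of(pkt), matches_port(pkt, 443))
```

The ICMP sample carries the value 443 in its identifier field, yet it never matches, because that field is not a port.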