Hello guys. As you know, we can filter traffic for a specific protocol with "ip proto <protocol code>" capture filters. As far as I know, this code for TCP is 6, UDP is 17 and ICMP is 1. Now I want the whole list of protocol codes. Can anybody help me? Thanks.

asked 11 Jul '14, 06:18 M_Bazgir
2 Answers:
You might want to try IANA: http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

answered 11 Jul '14, 06:20 Jasper ♦♦
You can view this currently registered list in Wireshark itself. From the menu >> Analyze >> Display Filters... A list of the currently registered filters should appear. Now click Expression...

If you scroll down to (or type) IPv4 and expand its tree you get a list of the currently registered filters for the IPv4 protocol. Scroll down to and select ip.proto. If you select '==' from the relations menu and click on the specific protocol you're looking to filter by from the 'Predefined Values' menu, the 'protocol code' you are looking for should appear under Value.

You can now select the filter from here, without having to know the number, by clicking 'okay' and 'apply'. Or you can use the Expression list as a reference for all the filters registered to Wireshark! I find it really useful when one of my coworkers gives me a custom dissector and I don't know the correct syntax for the display filters they registered with Wireshark.

Jeffrey

answered 12 Jul '14, 07:02 jphmiller
That's enough for me. :) Thanks Jasper.