This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

List of protocol codes

0

hello guys. as you know, we can filter traffic for specific protocol with "ip proto <protocol code="">" capture filters, as I know, this code for TCP is 6, UDP is 17 and ICMP is 1. now I want the whole list of protocol codes, can any body help me?? thanks.

asked 11 Jul '14, 06:18

M_Bazgir's gravatar image

M_Bazgir
16448
accept rate: 0%


2 Answers:

2

answered 11 Jul '14, 06:20

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

That's enough for me. :) Thanks Jasper.

(11 Jul '14, 06:23) M_Bazgir

0

You can view this currently registered list in Wireshark itself.

From the menu >> Analyze >> Display Filters...

A list of the currently registered filters should appear. Now click Expression...

If you scroll down to (or type) IPv4 and expand its tree you get a list of the currently registered filters for the IPv4 protocol.

Scroll down to and select ip.proto.

If you select '==' from the relations menu and click on the specific protocol you're looking to filter by from the 'Predefined Values' menu, the 'protocol code' you are looking for should appear under Value.

You can now select the filter from here, without having to know the number, by clicking 'okay' and 'apply'. Or you can use the Expression list as a reference for all the filters registered to Wireshark! I find it really useful when one of my coworkers gives me a custom dissector and I don't know the correct syntax for the display filters they registered with Wireshark.

Jeffrey

answered 12 Jul '14, 07:02

jphmiller's gravatar image

jphmiller
6225
accept rate: 0%