My problem is to separate the packets related to multiple applications from all the packets captured by Wireshark when multiple applications are running over the Internet. Is there any way to extract or isolate packets according to application type, such as www, mail, multimedia, p2p, etc.? Please reply.

asked 12 Apr '11, 05:24 Kuldeep
edited 26 Feb '12, 22:21 cmaynard
One Answer:
There are a lot of ways to do that. You could use the Protocol Hierarchy Statistics to get a list of all protocols Wireshark detected (which is more or less accurate), and then use the popup menu to filter the protocols you want to take a look at. If the protocol you want isn't listed, you need to find out what ports it usually uses and then filter for it yourself, or find conversations using that port with the help of the Conversation Statistics. From there, once again, you can right-click and use the popup menu to filter for the connections you want to take a closer look at.

answered 12 Apr '11, 05:52 Jasper
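The port-based approach from the answer above, as an added example that is not part of the original post: it groups conversation rows (as you would read them from the Conversation Statistics) by application category and builds a Wireshark display filter for each group. The port-to-category map, the function names and the sample rows are assumptions made for illustration; traffic on non-standard ports ends up in `unknown` and still needs manual inspection.

```python
from collections import defaultdict

# Assumed conventional ports per category (not from the original answer);
# applications can run on other ports, so treat this as a starting point.
APP_PORTS = {
    "www": {("tcp", 80), ("tcp", 443), ("tcp", 8080)},
    "mail": {("tcp", p) for p in (25, 110, 143, 465, 587, 993, 995)},
    "multimedia": {("tcp", 554), ("tcp", 1935), ("udp", 5004)},
    "p2p": {("tcp", p) for p in range(6881, 6890)} | {("udp", 6881)},
}

# Constructed sample rows: (transport, address A, port A, address B, port B)
SAMPLE = [
    ("tcp", "192.0.2.10", 51000, "198.51.100.5", 443),
    ("tcp", "192.0.2.10", 51001, "198.51.100.7", 25),
    ("tcp", "192.0.2.10", 51002, "203.0.113.9", 6881),
    ("udp", "192.0.2.10", 40000, "203.0.113.20", 5004),
    ("tcp", "192.0.2.10", 51003, "203.0.113.30", 4444),
]

def classify(proto, port_a, port_b):
    """Return the category matching either endpoint's port, else 'unknown'."""
    for category, ports in APP_PORTS.items():
        if (proto, port_a) in ports or (proto, port_b) in ports:
            return category
    return "unknown"

def group_conversations(conversations):
    """Map each category name to the list of conversations assigned to it."""
    groups = defaultdict(list)
    for conv in conversations:
        proto, _, port_a, _, port_b = conv
        groups[classify(proto, port_a, port_b)].append(conv)
    return dict(groups)

def display_filter(conv):
    """Display filter selecting exactly one conversation."""
    proto, addr_a, port_a, addr_b, port_b = conv
    return (f"ip.addr == {addr_a} && ip.addr == {addr_b} && "
            f"{proto}.port == {port_a} && {proto}.port == {port_b}")

def category_filter(convs):
    """OR together the per-conversation filters of one category."""
    return " || ".join(f"({display_filter(c)})" for c in convs)

if __name__ == "__main__":
    for name, convs in group_conversations(SAMPLE).items():
        print(f"{name}: {category_filter(convs)}")
```

Each printed filter can be pasted into the Wireshark display filter bar to isolate that category's connections.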