This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Filter Question


Hello,

I am wondering if there is a way to create a filter that would sort through a capture and pull out source IP, destination IP and source ports used or what protocol was used in each packet? I know how to set up filters to look at source IP and destination IP but I'm not sure how to set up the ports used. I'm capturing data within our DMZ and simply want to be able to look at a filter that shows source IP, destination IP, protocol and port number used if possible.

Thanks for any help!

asked 30 Dec '14, 12:18


rock90


One Answer:


> and simply want to be able to look at a filter that shows source IP, destination IP, Protocol and port number used if possible.

"port number used" sounds like you want a list of all conversations, because with a display filter, you need to know the port in advance to be able to filter for it!?!

So, if you need a list of conversations:

Statistics -> Conversations -> TCP/UDP [Tabs]

If you need a filter for the port, here we go:

http://wiki.wireshark.org/DisplayFilters

In detail:

tcp.port == 1234

or

tcp.srcport == 1234

or

tcp.dstport == 1234

same for UDP.

Regards
Kurt

answered 30 Dec '14, 14:07


Kurt Knochner ♦
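
The listing the question asks for (source IP, destination IP, protocol and ports per packet) can also be produced on the command line with tshark, which ships with Wireshark. This is an added example, not part of the original answer: the function names and the capture path are hypothetical, the sample lines are constructed, and only IPv4 TCP/UDP traffic is covered.

```shell
#!/bin/sh
# Added example: function names and capture path are hypothetical.

# One tab-separated line per IPv4 TCP/UDP packet: src IP, dst IP,
# IP protocol number, TCP src/dst port, UDP src/dst port.
# occurrence=f prints only the first occurrence of each field, so a
# packet with an embedded IP header (e.g. an ICMP error) stays one row.
flow_fields() {
    tshark -r "$1" -Y 'ip && (tcp || udp)' -T fields -E occurrence=f \
        -e ip.src -e ip.dst -e ip.proto \
        -e tcp.srcport -e tcp.dstport -e udp.srcport -e udp.dstport
}

# Read flow_fields output on stdin; print packet count, src IP, dst IP,
# protocol, src port, dst port per unique tuple, busiest first.
# Rows whose outer protocol is neither TCP (6) nor UDP (17) are skipped.
flow_summary() {
    awk -F'\t' '
        $3 == 6  { proto = "tcp"; sport = $4; dport = $5 }
        $3 == 17 { proto = "udp"; sport = $6; dport = $7 }
        $3 == 6 || $3 == 17 {
            n[$1 "\t" $2 "\t" proto "\t" sport "\t" dport]++
        }
        END { for (k in n) print n[k] "\t" k }
    ' | LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2
}

# Constructed sample of flow_fields output (not from a real capture).
sample_flows() {
    printf '10.0.0.5\t192.0.2.10\t6\t51000\t443\t\t\n'
    printf '10.0.0.5\t192.0.2.10\t6\t51000\t443\t\t\n'
    printf '10.0.0.5\t192.0.2.53\t17\t\t\t53000\t53\n'
    printf '192.0.2.1\t10.0.0.5\t1\t\t\t\t\n'
}

# Summarize the capture named in $1, or the constructed sample if none.
if [ -n "${1:-}" ]; then
    flow_fields "$1" | flow_summary
else
    sample_flows | flow_summary
fi
```

The command-line counterpart of Statistics -> Conversations is `tshark -r <file> -q -z conv,tcp` (or `conv,udp`).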