This is our old Q&A Site. Please post any new questions and answers at

I'm new to wireshark and analyzing traces. I have a tcpdump from a linux system. Once opened in wireshark, how can I get the Ip address so show in format and the protocol to show not in hex, so I know what I'm looking at?

asked 11 May '11, 05:59

mros2stf's gravatar image

accept rate: 0%

retagged 24 May '11, 22:58

helloworld's gravatar image


If you open a trace file containing frames with IP inside Wireshark should decode IP addresses and everything else automatically. The protocol in hex is probably the ethernet protocol type you're looking at - it should be 0x0800 for IP, in which case you'll find the IP information in the next layers. If you see ethertypes other than 0x0800 you're not looking at IPv4 packets, thus not containing IPv4 addresses.

permanent link

answered 11 May '11, 09:08

Jasper's gravatar image

Jasper ♦♦
accept rate: 18%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 11 May '11, 05:59

question was seen: 3,441 times

last updated: 24 May '11, 22:58

p​o​w​e​r​e​d by O​S​Q​A