This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I'm new to wireshark and analyzing traces. I have a tcpdump from a linux system. Once opened in wireshark, how can I get the Ip address so show in xxx.xxx.xxx.xxx format and the protocol to show not in hex, so I know what I'm looking at?

asked 11 May '11, 05:59

mros2stf's gravatar image

mros2stf
1111
accept rate: 0%

retagged 24 May '11, 22:58

helloworld's gravatar image

helloworld
3.1k42041


If you open a trace file containing frames with IP inside Wireshark should decode IP addresses and everything else automatically. The protocol in hex is probably the ethernet protocol type you're looking at - it should be 0x0800 for IP, in which case you'll find the IP information in the next layers. If you see ethertypes other than 0x0800 you're not looking at IPv4 packets, thus not containing IPv4 addresses.

permanent link

answered 11 May '11, 09:08

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×100
×24

question asked: 11 May '11, 05:59

question was seen: 3,441 times

last updated: 24 May '11, 22:58

p​o​w​e​r​e​d by O​S​Q​A