I'm new to Wireshark and analyzing traces. I have a tcpdump from a Linux system. Once opened in Wireshark, how can I get the IP address to show in xxx.xxx.xxx.xxx format and the protocol to show not in hex, so I know what I'm looking at?

asked 11 May '11, 05:59 mros2stf
retagged 24 May '11, 22:58 helloworld
One Answer:
If you open a trace file containing frames with IP inside, Wireshark should decode IP addresses and everything else automatically. The protocol in hex is probably the Ethernet protocol type you're looking at - it should be 0x0800 for IP, in which case you'll find the IP information in the next layers. If you see ethertypes other than 0x0800, you're not looking at IPv4 packets, thus not containing IPv4 addresses.

answered 11 May '11, 09:08 Jasper ♦♦
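The decoding step the answer describes, as an added example that is not part of the original answer and not Wireshark's own code: read the EtherType from a raw Ethernet frame and, only when it is 0x0800, pull the dotted-quad addresses from the IPv4 header that follows. It goes slightly beyond the answer by also skipping an 802.1Q VLAN tag (0x8100) and naming ARP and IPv6; the function name `decode_frame` and the sample frames are constructed for illustration.

```python
import socket
import struct

# Well-known EtherType values; 0x0800 is the one the answer mentions.
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
VLAN_TPID = 0x8100  # 802.1Q tag: 4 extra bytes before the real EtherType


def decode_frame(frame: bytes) -> dict:
    """Decode the Ethernet header and, for IPv4, the addresses and protocol."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    offset = 12  # skip destination and source MAC (6 bytes each)
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    offset += 2
    if ethertype == VLAN_TPID:
        if len(frame) < offset + 4:
            raise ValueError("truncated 802.1Q tag")
        # 2 bytes of tag control info, then the encapsulated EtherType
        (ethertype,) = struct.unpack_from("!H", frame, offset + 2)
        offset += 4
    info = {"ethertype": f"0x{ethertype:04x}",
            "l3": ETHERTYPES.get(ethertype, "other")}
    if ethertype != 0x0800:
        return info  # no IPv4 header follows, so no IPv4 addresses
    ip = frame[offset:offset + 20]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("truncated or malformed IPv4 header")
    info["ip_proto"] = ip[9]                      # e.g. 6 = TCP, 17 = UDP
    info["src"] = socket.inet_ntoa(ip[12:16])     # xxx.xxx.xxx.xxx form
    info["dst"] = socket.inet_ntoa(ip[16:20])
    return info


# Constructed sample frames (not from a real capture).
MACS = bytes.fromhex("0011223344550066778899aa")
IPV4_HDR = bytes.fromhex("450000280001000040060000" "c0a80001" "0a000002")
SAMPLE_IPV4 = MACS + bytes.fromhex("0800") + IPV4_HDR
SAMPLE_VLAN = MACS + bytes.fromhex("8100000a0800") + IPV4_HDR
SAMPLE_ARP = MACS + bytes.fromhex("0806") + bytes(28)

if __name__ == "__main__":
    for name, frame in [("ipv4", SAMPLE_IPV4), ("vlan", SAMPLE_VLAN),
                        ("arp", SAMPLE_ARP)]:
        print(name, decode_frame(frame))
```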