
Using Wireshark


I'm new to Wireshark and analyzing traces. I have a tcpdump from a Linux system. Once opened in Wireshark, how can I get the IP address to show in xxx.xxx.xxx.xxx format and the protocol to show not in hex, so I know what I'm looking at?

asked 11 May '11, 05:59

mros2stf


One Answer:


If you open a trace file containing frames with IP inside, Wireshark should decode IP addresses and everything else automatically. The protocol in hex is probably the Ethernet protocol type you're looking at - it should be 0x0800 for IP, in which case you'll find the IP information in the next layers. If you see ethertypes other than 0x0800, you're not looking at IPv4 packets, and thus they do not contain IPv4 addresses.

answered 11 May '11, 09:08

Jasper ♦♦
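
The decoding described in the answer above, as an added example that is not part of the original post: a minimal Python reader for a classic pcap file that checks each Ethernet frame's EtherType and, for 0x0800, returns the IPv4 addresses in dotted-quad form with the protocol name. It goes slightly beyond the answer by skipping one 802.1Q VLAN tag; the function name and the constructed sample capture are assumptions of this example.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800  # the value the answer says to look for
ETHERTYPE_VLAN = 0x8100  # 802.1Q tag: the real EtherType sits 4 bytes later
IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def decode_pcap(data):
    """Return (ethertype, src, dst, protocol) per frame of a microsecond pcap."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"  # written on a little-endian host
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled here")
    rows, off = [], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:  # shorter than an Ethernet header
            rows.append(("truncated", None, None, None))
            continue
        etype, l3 = struct.unpack("!H", frame[12:14])[0], 14
        if etype == ETHERTYPE_VLAN and len(frame) >= 18:
            etype, l3 = struct.unpack("!H", frame[16:18])[0], 18
        if etype != ETHERTYPE_IPV4 or len(frame) < l3 + 20:
            rows.append(("0x%04x" % etype, None, None, None))  # no IPv4 here
            continue
        ip = frame[l3:l3 + 20]  # fixed part of the IPv4 header
        rows.append(("0x0800", socket.inet_ntoa(ip[12:16]),
                     socket.inet_ntoa(ip[16:20]), IP_PROTOS.get(ip[9], str(ip[9]))))
    return rows

# Constructed sample capture: one IPv4/TCP frame and one ARP (0x0806) frame.
def _frame(etype, payload):
    return bytes(12) + struct.pack("!H", etype) + payload

_ip = (bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, 6, 0, 0])
       + socket.inet_aton("192.0.2.10") + socket.inet_aton("198.51.100.7"))
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
for _f in (_frame(0x0800, _ip), _frame(0x0806, bytes(28))):
    SAMPLE += struct.pack("<IIII", 0, 0, len(_f), len(_f)) + _f

if __name__ == "__main__":
    for row in decode_pcap(SAMPLE):
        print(row)
```
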