Wireshark is the world's most widely used network protocol analyzer. With it you can troubleshoot
different problems and capture, analyze and filter your network traffic using a range of built-in
tools.
If you want to learn more about Wireshark and how to filter by port, make sure
Port filtering selects packets based on their port number. Port numbers are used by
TCP and UDP, the two best-known transport protocols. With port filtering you can
choose to allow or block certain ports, and with them the services that use those ports,
such as file transfer, e-mail, etc. A port number is a 16-bit value, so there are 65,536
ports (0 to 65535). A port is either open, meaning a program is listening on it, or
closed. Applications can open listening ports on your computer, and every listening port
that is reachable from the internet is another way in for attackers and malware.
Wireshark lets you filter packets by port number. Why would you want to do this? Because a
busy interface produces far more packets than anyone can read, and a port filter narrows the
capture, or the view of it, to the traffic you actually care about. Keep in mind that Wireshark
only observes traffic: its filters decide what gets recorded or displayed, they do not stop
anything from reaching your computer (that is a firewall's job).
Ports 0 to 1023 are well-known ports, assigned to common services and protocols. Ports
1024 to 49151 are registered ports, which IANA registers for specific services on request.
Ports 49152 to 65535 are dynamic ports (also called private or ephemeral ports); they are
not registered and are usually picked by the operating system as the client side of a
connection. Different ports are used for different protocols, but the assignment is only a
convention: nothing stops a server from running HTTPS on port 8443 or a malicious process
from listening on port 80, so a port number is a hint about the protocol, not proof of it.
If you want to learn about the most common ones, check out the following list:
Port  Service  Protocol
23    Telnet   TCP
Analysis in Wireshark
The process of analysis in Wireshark represents monitoring of different
Before you start analyzing, make sure you know what type of traffic you want to analyze and
which devices in your network emit traffic:
1. Is promiscuous mode supported on your capture interface? If it is, the network card will
hand Wireshark frames that are not addressed to your device. On a switched network the
switch still only forwards traffic destined for your port, so to see other hosts' traffic
you also need a mirror (SPAN) port or a network tap; on Wi-Fi, seeing other stations'
frames requires monitor mode rather than promiscuous mode.
2. What devices do you have inside your network? It's important to keep in
3. What type of traffic do you want to analyze? The type of traffic will
Knowing how to use the different filters is extremely important for capturing the
intended packets. Capture filters are applied before packets are written to the capture:
any traffic that does not meet the given criteria is dropped and is never recorded.
Within Wireshark, capture filters are written in Berkeley Packet Filter (BPF) syntax, the
same syntax used by tcpdump and libpcap. Since this is the syntax that is most
A BPF capture filter is built from qualifiers of three kinds:
1. Type – these qualifiers say what kind of thing the identifier refers to: a host, a net,
a port or a portrange (for example host 10.0.0.5 or port 443).
2. Dir (direction) – these qualifiers restrict the direction of the traffic: “src” marks the
source and “dst” marks the destination (for example src port 443). If no direction is
given, either direction matches.
3. Proto (protocol) – these qualifiers restrict the match to a specific protocol, such as
ether, ip, ip6, arp, tcp or udp (for example udp port 53).
You can combine qualifiers in one expression to narrow your search, and join expressions
with the operators and (&&), or (||) and not (!), for example tcp port 443 and not host 10.0.0.5.
Here are some examples of capture filters (standard BPF expressions) you can use in Wireshark:
Filter                              Description
host 10.0.0.5                       Traffic to or from the host 10.0.0.5
port 443                            TCP or UDP traffic on port 443 in either direction
tcp dst port 80                     TCP traffic sent to port 80
src net 192.168.1.0/24              Traffic whose source address is in 192.168.1.0/24
udp port 53 and not host 10.0.0.1   DNS traffic, except that of host 10.0.0.1
It is also possible to build a capture filter on a raw protocol header field, using the form
proto[offset:size] == value. Here proto is the protocol whose header you want to inspect,
offset is the position of the value in that header, counted in bytes from the start of the
header, size is the length of the field in bytes (1, 2 or 4; 1 if omitted), and value is
what the field must equal. For example, tcp[2:2] == 80 matches a TCP destination port of
80, and tcp[13] & 2 != 0 matches packets with the SYN flag set, because the flags live in
byte 13 of the TCP header. The offset is relative to the protocol header, so tcp[...]
still works when the IP header carries options; note, however, that BPF only evaluates
tcp[...] and udp[...] on the first fragment of a fragmented datagram.
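To see what the offset syntax actually reads, here is an added example (my code, not code from this page or from the Wireshark project) that builds a constructed Ethernet/IPv4/TCP frame and evaluates three of the expressions above the way BPF would. The helpers build_frame and field, the addresses 10.0.0.5 and 192.0.2.10 (TEST-NET-1), and the port numbers are assumptions made for the example. It goes one step beyond the text by also showing that tcp[...] offsets stay correct when the IP header carries options, because they are counted from the start of the TCP header rather than from the start of the frame.

```python
import struct

# Constructed example traffic, not from a real capture: 10.0.0.5 talking to 192.0.2.10
# (TEST-NET-1). build_frame and field are helpers written for this example only.

def build_frame(src_ip, dst_ip, sport, dport, flags, ip_options=b""):
    """Return a raw Ethernet II + IPv4 + TCP frame (no payload, no TCP options)."""
    assert len(ip_options) % 4 == 0, "IPv4 options are padded to 32-bit words"
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    ihl = 5 + len(ip_options) // 4            # IP header length in 32-bit words
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x40 | ihl,                          # version 4, IHL
        0,                                   # DSCP / ECN
        ihl * 4 + 20,                        # total length: IP header + 20-byte TCP header
        0x1234, 0x4000,                      # identification, flags (DF) + fragment offset 0
        64, 6,                               # TTL, protocol 6 = TCP
        0,                                   # header checksum (left zero; BPF never checks it)
        bytes(map(int, src_ip.split("."))),
        bytes(map(int, dst_ip.split("."))),
    ) + ip_options
    tcp_hdr = struct.pack(
        "!HHIIBBHHH",
        sport, dport,
        0x10000000, 0,                       # sequence and acknowledgement numbers
        5 << 4,                              # data offset 5 words, reserved bits zero
        flags,                               # byte 13 of the TCP header: CWR ECE URG ACK PSH RST SYN FIN
        65535, 0, 0,                         # window, checksum (zero), urgent pointer
    )
    return eth + ip_hdr + tcp_hdr

def field(frame, proto, offset, size=1):
    """Emulate BPF's proto[offset:size]: read size bytes at offset from the start of the
    named protocol header. Returns None when that protocol is not present, which is how
    BPF behaves (the expression simply does not match)."""
    if frame[12:14] != b"\x08\x00":          # EtherType must be IPv4 for ip[] and tcp[]
        return None
    ip_start = 14
    if proto == "ip":
        base = ip_start
    elif proto == "tcp":
        if frame[ip_start + 9] != 6:         # ip[9] is the protocol field; 6 = TCP
            return None
        if frame[ip_start + 6] & 0x1F or frame[ip_start + 7]:   # non-zero fragment offset
            return None                      # BPF only looks at transport headers in the first fragment
        base = ip_start + (frame[ip_start] & 0x0F) * 4   # honour IHL, so IP options do not shift us
    else:
        raise ValueError("unsupported protocol: " + proto)
    return int.from_bytes(frame[base + offset:base + offset + size], "big")

SYN, ACK = 0x02, 0x10

def is_syn_only(frame):
    """BPF: tcp[13] & 0x12 == 0x02 (SYN set, ACK clear: the first packet of a handshake)."""
    v = field(frame, "tcp", 13)
    return v is not None and (v & (SYN | ACK)) == SYN

def is_http_dst(frame):
    """BPF: tcp[2:2] == 80, the same as 'tcp dst port 80'."""
    return field(frame, "tcp", 2, 2) == 80

def is_tcp(frame):
    """BPF: ip[9] == 6, the same as 'ip proto \\tcp'."""
    return field(frame, "ip", 9) == 6

if __name__ == "__main__":
    syn = build_frame("10.0.0.5", "192.0.2.10", 51515, 80, SYN)
    synack = build_frame("192.0.2.10", "10.0.0.5", 80, 51515, SYN | ACK)
    with_opts = build_frame("10.0.0.5", "192.0.2.10", 51515, 80, SYN, ip_options=b"\x01\x01\x01\x01")
    for name, f in [("SYN", syn), ("SYN/ACK", synack), ("SYN + IP options", with_opts)]:
        print(f"{name:18} syn-only={is_syn_only(f)} http-dst={is_http_dst(f)} tcp={is_tcp(f)}")
```

Running the script prints the verdict for a plain SYN, the SYN/ACK that answers it, and a SYN whose IP header carries four NOP option bytes; nothing in it touches a live interface. The fragment-offset and EtherType checks in field are there because real BPF applies the same guards, so a filter such as tcp[13] & 2 != 0 silently misses non-IPv4 frames and non-first fragments.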
Display filters, by contrast, do not discard anything: they only hide the packets that do
not match while you are viewing the capture. This is usually the safer option, since once
a capture filter has discarded a packet it is gone for good, whereas a display filter can
be changed as often as you like. The simplest display filter is a protocol name: if you
would like to display packets that contain a particular protocol, type its name (for
example dns or arp) in Wireshark's “Display filter” toolbar.
Other Options
There are various other options you can use to analyze packets in Wireshark,
1. Under the “Statistics” window in Wireshark, you can find different basic
tools you can use to analyze packets. For example, you can use the
2. Under the “Expert Information” window (“Expert Infos” in older releases), you can analyze the anomalies or
For example, if you want to filter port 80, type this into the filter bar:
tcp.port == 80. You can also type “eq” instead of “==”, since the two spellings are
equivalent. Note that tcp.port matches the port on either side of the connection; use
tcp.dstport or tcp.srcport if the direction matters to you.
For example, if you want to filter ports 80 and 443, type this into the filter bar:
tcp.port eq 80 || tcp.port eq 443 (or the shorter tcp.port in {80 443}). Joining the two
with && instead would only match packets that carry both port numbers at once.
Additional FAQs
How Do I Filter Wireshark by IP Address and Port?
There are several ways in which you can filter Wireshark by IP address:
1. If you're interested in packets with a particular IP address, type this into the
filter bar: ip.addr == followed by the address. ip.addr matches the address as either
source or destination; use ip.src or ip.dst to restrict it to one end.
If you want to apply two filters, such as IP address and port number, join them with &&,
for example ip.addr == <address> && tcp.port == 443. Since “&&” stands for “and”, writing
this shows only packets that involve both that address and port 443. When excluding an
address, write !(ip.addr == <address>) rather than ip.addr != <address>: older Wireshark
releases evaluated != on a two-valued field as “either value differs”, which matches
almost every packet.
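The filters in this FAQ and in the port examples above share one subtlety: ip.addr and tcp.port are two-valued fields (source and destination), which is what makes == match either end and what made != surprising. The following added example (my code, not code from this page or from Wireshark) models that behaviour over a handful of constructed, made-up dissected packets and evaluates each filter from the text against them. PACKETS, the helper names, and the addresses and ports in it are all assumptions for the illustration.

```python
# Constructed "dissected" packets for the example (made up, not captured): each dict maps
# Wireshark field names to the values present in that packet. Helper names are assumptions.
PACKETS = [
    {"frame.number": 1, "ip.src": "10.0.0.5",   "ip.dst": "192.0.2.10", "tcp.srcport": 51515, "tcp.dstport": 443},
    {"frame.number": 2, "ip.src": "192.0.2.10", "ip.dst": "10.0.0.5",   "tcp.srcport": 443,   "tcp.dstport": 51515},
    {"frame.number": 3, "ip.src": "10.0.0.5",   "ip.dst": "192.0.2.20", "tcp.srcport": 51516, "tcp.dstport": 80},
    {"frame.number": 4, "ip.src": "10.0.0.7",   "ip.dst": "192.0.2.10", "udp.srcport": 5353,  "udp.dstport": 5353},
    {"frame.number": 5, "ip.src": "10.0.0.7",   "ip.dst": "192.0.2.30", "tcp.srcport": 40000, "tcp.dstport": 443},
]

# Fields Wireshark defines as "either end": ip.addr is ip.src or ip.dst, tcp.port is
# tcp.srcport or tcp.dstport. A packet therefore carries two values for each of them.
COMBINED = {
    "ip.addr":  ("ip.src", "ip.dst"),
    "tcp.port": ("tcp.srcport", "tcp.dstport"),
    "udp.port": ("udp.srcport", "udp.dstport"),
}

def values(pkt, name):
    """Every occurrence of a field in one packet; empty when the protocol is absent."""
    return [pkt[n] for n in COMBINED.get(name, (name,)) if n in pkt]

def any_eq(pkt, name, value):
    """field == value: true if any occurrence of the field equals value."""
    return any(v == value for v in values(pkt, name))

def any_ne(pkt, name, value):
    """The legacy reading of field != value: true if any occurrence differs."""
    return any(v != value for v in values(pkt, name))

def select(pred):
    """Frame numbers of the packets a display filter would keep."""
    return [p["frame.number"] for p in PACKETS if pred(p)]

def port_either(port):                 # tcp.port == port
    return select(lambda p: any_eq(p, "tcp.port", port))

def port_dst(port):                    # tcp.dstport == port
    return select(lambda p: any_eq(p, "tcp.dstport", port))

def ports_any(*ports):                 # tcp.port == 80 || tcp.port == 443, or tcp.port in {80 443}
    return select(lambda p: any(any_eq(p, "tcp.port", x) for x in ports))

def addr_and_port(addr, port):         # ip.addr == addr && tcp.port == port
    return select(lambda p: any_eq(p, "ip.addr", addr) and any_eq(p, "tcp.port", port))

def exclude_addr_legacy_ne(addr):      # ip.addr != addr, as older releases evaluated it
    return select(lambda p: any_ne(p, "ip.addr", addr))

def exclude_addr(addr):                # !(ip.addr == addr): unambiguous in every release
    return select(lambda p: not any_eq(p, "ip.addr", addr))

if __name__ == "__main__":
    print("tcp.port == 443                          ->", port_either(443))
    print("tcp.dstport == 443                       ->", port_dst(443))
    print("tcp.port in {80 443}                     ->", ports_any(80, 443))
    print("ip.addr == 10.0.0.5 && tcp.port == 443   ->", addr_and_port("10.0.0.5", 443))
    print("ip.addr != 10.0.0.5 (legacy reading)     ->", exclude_addr_legacy_ne("10.0.0.5"))
    print("!(ip.addr == 10.0.0.5)                   ->", exclude_addr("10.0.0.5"))
```

The last two lines are the point: frames 1, 2 and 3 all contain 10.0.0.5, yet the legacy reading of ip.addr != 10.0.0.5 keeps every one of them, because each has another address that differs. Current Wireshark releases evaluate a != b as !(a == b), so both spellings now agree, but !(ip.addr == <address>) behaves the same in every version and is the form to get into the habit of using.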
How Does Wireshark Capture Port Traffic?
Wireshark captures the traffic that reaches the selected interface as it happens, including
the port numbers of every TCP and UDP packet, so you can see which ports each connection uses.
1. Open Wireshark.
2. Click “Capture.”
3. Select “Interfaces” (in current releases this entry is called “Options”).
4. Click “Start.”
If you want to focus on a specific port number, you can use the filter bar; from the command
line, tshark takes a capture filter with -f and a display filter with -Y.
Why bootp? Because BOOTP is the protocol that DHCP extends, and older Wireshark releases
named the DHCP dissector after it, so DHCP traffic was filtered with bootp. Since Wireshark
3.0 the display filter is dhcp.
1. It’s free – you can analyze your network traffic completely free!
2. It's cross-platform – you can use Wireshark on Windows,
4. It offers live data – this data can be gathered from various sources such as
5. It’s widely used – Wireshark is the most popular network protocol analyzer.
you want to be sure that you can troubleshoot and identify any type of network
issues or inspect the data coming in and out of your network, thus keeping it
Have you ever used Wireshark? Tell us about it in the comment section below.