This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

IP addresses analysis

0

How can we find out the server IP address from the pcap file using Wireshark? Can we create specific filter columns (like protocol, source, destination, etc.) in the packets pane? Please let me know.

asked 05 May '13, 18:24

ark
accept rate: 0%


2 Answers:

1

The server is usually the IP the TCP SYN packets are sent to, while the source of the SYN packets is the client. So you could filter on the SYN packets using "tcp.flags==2" and see which IPs are targeted.

You can add almost any column you like, either by editing them in the preferences, or by selecting a field in the decode and using the popup menu to "apply as column". The same works if you want to filter on something: select the field in the decode and use the popup menu to "apply as filter".

answered 06 May '13, 02:11

Jasper ♦♦
accept rate: 18%
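The SYN-based approach from the answer above, as an added example that is not part of the original post or of Wireshark: a standard-library Python parser that reads a classic pcap and counts the destination IP and port of every TCP SYN. It goes slightly beyond the "tcp.flags==2" filter by testing SYN set and ACK clear (the equivalent of tcp.flags.syn==1 && tcp.flags.ack==0), so SYNs carrying extra flag bits are still counted. The function names and the sample capture are constructed for illustration; only Ethernet/IPv4 in a little- or big-endian microsecond pcap is assumed.

```python
import struct
from collections import Counter

def syn_targets(pcap: bytes) -> Counter:
    """Count (dst_ip, dst_port) for TCP packets with SYN set and ACK clear."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    targets, off = Counter(), 24
    while off + 16 <= len(pcap):
        # Per-packet record header: ts_sec, ts_usec, incl_len, orig_len
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Ethernet II carrying IPv4 only; VLAN tags and IPv6 are skipped
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        ihl = (frame[14] & 0x0F) * 4
        frag_off = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        # Need protocol 6 (TCP), an unfragmented first piece, and the flags byte
        if frame[23] != 6 or frag_off or len(frame) < 14 + ihl + 14:
            continue
        tcp = frame[14 + ihl:]
        if tcp[13] & 0x02 and not tcp[13] & 0x10:  # SYN without ACK
            dst_ip = ".".join(str(b) for b in frame[30:34])
            targets[(dst_ip, struct.unpack("!H", tcp[2:4])[0])] += 1
    return targets

def _frame(src, dst, sport, dport, flags):
    # Constructed test frame: minimal headers, checksums left at zero
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp

def sample_pcap() -> bytes:
    # Constructed capture: two clients open connections to one server on 443
    c1, c2, srv = (192, 0, 2, 10), (192, 0, 2, 11), (198, 51, 100, 5)
    pkts = [_frame(c1, srv, 40000, 443, 0x02), _frame(srv, c1, 443, 40000, 0x12),
            _frame(c1, srv, 40000, 443, 0x10), _frame(c2, srv, 40001, 443, 0x02)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for p in pkts:
        out += struct.pack("<IIII", 0, 0, len(p), len(p)) + p
    return out

if __name__ == "__main__":
    for (ip, port), n in syn_targets(sample_pcap()).most_common():
        print(f"{ip}:{port} received {n} SYN(s)")
```

The SYN-ACK sent back by the server has the ACK bit set, so the client addresses never show up as targets.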

0

One way is to click Statistics > Conversations. This will open a new window, and you can click the IPv4 or TCP option to check out the destination IP/src IP/src port/dst port (4-tuple).

Yes, you can create display filters for protocol, source, destination, etc. There is a filter tab in the Filter toolbar to play with a lot of options.

answered 05 May '13, 19:00

krishnayeddula
accept rate: 6%

edited 05 May '13, 19:28