Ask Your Question
0

Identifying source & destination port #'s

asked 2019-06-23 05:27:06 +0000

secrseel gravatar image

updated 2019-06-23 05:44:58 +0000

Jaap gravatar image

New to wireshark. Not wanting anyone to spend too much time in answering this question. Trying to be polite. If you want to reference me to a specific article or example; that would be great .

in conjunction with studying for ccna ... was looking for some help with the following.

Example: If I typed in www.bing.com into my web browser ... and I was successful in accessing the site. And then I performed a ping to www.bing.com / which was successfull. I see from the ping response that I can determine [www.bing.com]'s Destination IP address = 2620:1ec:c11::200 .

If I perform for example, a powershell session and perform a 'netstat' command to view my pc's network activity :

I can see relatively / easily that the Destination Port # 443 / which is [ default ] for https.

But, due to much information that is populated from the 'netstat' search, i cannot figure my pc's exact [ source port # ] for my particular web request to: www.bing.com .

Can a wireshark capture assist me with determining my pc's specific [ source port # ] that was used during the web search ?

I know my pc's ip address. I know how to set a TCP protocol filter on wireshark. Just not too savy , for example ; in finding a specific 'source-port #' . Could anyone possibly assist ?

Thank you ! secrseel

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-06-23 06:02:09 +0000

Jaap gravatar image

Few things.

The browser opens one (or more) TCP connections to the bing server to get the HTTP page information, but then closes them once the pages are received. Therefore you won't see them using netstat because they would be long gone before you can look.

Wireshark on the other hand captures the network traffic as it happens. So it can show you the TCP packets involved and therefore the port numbers involved in these connections. Find the TCP packets with the correct IP addresses (yours and bing's) and then look at the TCP layer details. It shows you the port number at bing's end (443) and the port number at your end.

edit flag offensive delete link more

Comments

Jaap First of all, thank you for cleaning up my horrible entry of my first question to wireshark. I will become better at submitting properly. Thank you for your help. Secondly, thank you for taking the time to answer my question . It was very informative, and I am very appreciative of your help.

secrseel

secrseel gravatar imagesecrseel ( 2019-06-23 06:25:48 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-06-23 05:27:06 +0000

Seen: 300 times

Last updated: Jun 23