Ask Your Question
0

Displaying more detail in Packet Detail Window

asked 2022-03-15 19:14:13 +0000

Hi community,

I am wondering if there is a way to display even more detail in the Packet Detail Window? For example, if I were to look at ICMP packets, I see: "Type 8 (Echo (ping) request)" In this example, I see that Wireshark conveniently tells me that an ICMP packet of type 8 is an echo ping request.

My wireshark (ver Version 3.6.2 (v3.6.2-0-g626020d9b3c3) ) is currently, and automatically configured to display these helpful tips in brackets. However, in reading books about Wireshark and using capture files they provided, I am noticing come minute details that are not being displayed when compared to screenshots of the same packets in Wireshark.

One example is TCP packet: Source Port :slc-systemlog (2826)

Where in my Wireshark version, "slc-systemlog " is missing. I am unaware if using a different dissector is a strategy to solve this? The book was written in 2017

Thanks community!

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2022-03-15 19:29:08 +0000

grahamb gravatar image

For the item you mention, the port numbers are translated to the service by looking them up in the "services" file that should be present in the Wireshark "Global configuration" directory, see Help -> About Wireshark -> Folders tab for the location.

The display of the service depends on the preference setting "Resolve transport names" in the Name Resolution section being checked.

It's also possible to create a local copy of the services file in the personal configuration or appropriate profile directory which will then override the global one.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2022-03-15 19:14:13 +0000

Seen: 136 times

Last updated: Mar 15 '22