This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

multiple ports same protocol?

I'm debugging a dicom link between a client and a server. I suspect that there are two instances of dicom SCP on the server on separate ports and two clients on the client machine. Obviously each server is listening on a separate port and the clients are talking to their respective servers. My question is when I filter by dicom packets how do I know which message 'pairs' are from the same peers? (I don't see the port numbers on the transaction log.)

Cheers,

dicom

asked 10 Jun '14, 20:09

BJOBrien
11●2●2●4
accept rate: 0%

edited 11 Jun '14, 06:03

(I don't see the port numbers on the transaction log.)

Some questions:

Why (question to the statement above)?
How did you generate the 'transaction' log?
Did you try to capture the traffic with Wireshark?

(11 Jun '14, 13:28) Kurt Knochner ♦

One Answer:

You can add source port and destination port as columns to help you differentiate. Right click a port field (src or dst) in the packet details pane and select "Apply as Column", repeat for the other (src or dst) field).

You can also apply display filters to limit the conversation to a particular port, e.g. tcp.srcport == xyz if your traffic is over TCP for instance (similarly for UDP), or you can select a particular frame, right click and select "Follow xxx Stream" where "xxx" is TCP or UDP as appropriate and that will show the whole converstation on that port for UDP or that connection (SYN -> FIN) for TCP.

answered 11 Jun '14, 06:23

grahamb ♦
19.8k●3●30●206
accept rate: 22%