Convert from port numbers to protocol names in Wireshark

Posted by Berkay on Server Fault
Published on 2010-12-22T07:54:38Z

I'm simply using

tshark -r botnet.pcap -T fields -E separator=';' -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport '(tcp.flags.syn == 1 and tcp.flags.ack == 0)'

to see all the initiated "legal TCP" connections. However, I need the destination port number converted to "http", "netbios", etc.

I'm not using the -n option, but I still get:

128.3.45.128;62259;208.233.189.150;80

This is what i'm trying to get:

128.3.45.128;62259;208.233.189.150;http

or

128.3.45.128;62259;208.233.189.150;80;http

is a better option for me.

Any ideas from tshark users? Or any other tool suggestions?
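One way to get the `80;http` form shown above is to post-process the field output. This is an added example, not part of the original post. It looks each destination port up in the local services database with `socket.getservbyport`; the names `service_name`, `annotate` and `SAMPLE` are hypothetical, and the name returned is only the registered convention for that port, not proof of what the connection actually carried.

```python
import socket
import sys


def service_name(port, proto="tcp"):
    """Return the registered service name for a port, or "unknown"."""
    try:
        # Reads the system services database (/etc/services on Unix).
        return socket.getservbyport(port, proto)
    except (OSError, OverflowError):
        # OSError: port not listed; OverflowError: outside 0-65535.
        return "unknown"


def annotate(lines, sep=";", resolve=service_name):
    """Append a service name to each 'src;sport;dst;dport' record.

    The last field is treated as the destination port, matching the
    field order of the tshark command in the question.
    """
    out = []
    for line in lines:
        line = line.rstrip("\r\n")
        if not line:
            continue  # skip blank lines
        fields = line.split(sep)
        try:
            port = int(fields[-1])
        except ValueError:
            # Keep malformed records visible instead of dropping them.
            out.append(line + sep + "unknown")
            continue
        out.append(line + sep + resolve(port))
    return out


# Constructed sample records in the format shown in the question.
SAMPLE = [
    "128.3.45.128;62259;208.233.189.150;80",
    "128.3.45.128;62260;208.233.189.150;139",
]

if __name__ == "__main__":
    # Pass "-" to read tshark output from stdin; otherwise use SAMPLE.
    source = sys.stdin if "-" in sys.argv[1:] else SAMPLE
    for row in annotate(source):
        print(row)
```

Pipe the tshark command's output into the script with `-` as its only argument to annotate a real capture.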
