How to Filter By Port in Wireshark

29/12/2020
Chưa phân loại

What is port filtering?

Port filtering is the way of filtering packets based on port number. To know more about filter by IP in Wireshark, please follow below link:
https://linuxhint.com/filter_by_ip_wireshark/

Intention of the article:

In this article we will try to understand some well know ports through Wireshark analysis.

What are the important ports?

There are many types of port. Here is the summary:

  • Ports 0 to 1023 are Well-Known Ports.
  • Ports 1024 to 49151 are Registered Ports.
  • Ports 49152 to 65535 are Public Ports.

Analysis in Wireshark:

Before we use filter in Wireshark we should know what port is used for which protocol. Here are some examples:

Protocol [Application] Port Number
TCP [HTTP] 80
TCP [FTP Data] 20
TCP [FTP Control] 21
TCP/UDP [Telnet] 23
TCP/UDP [DNS] 53
UDP [DHCP] 67,68
TCP [HTTPS] 443

1. Port 80: Port 80 is used by HTTP. Let’s see one HTTP packet capture.

Here 192.168.1.6 is trying to access web server where HTTP server is running. So destination port should be port 80. Now we put “tcp.port == 80” as Wireshark filter and see only packets where port is 80.

Here is the explanation screenshot

2. Port 53: Port 53 is used by DNS. Let’s see one DNS packet capture.

Here 192.168.1.6 is trying to send DNS query. So destination port should be port 53. Now we put “udp.port == 53” as Wireshark filter and see only packets where port is 53.

3. Port 443: Port 443 is used by HTTPS. Let’s see one HTTPS packet capture.

Now we put “tcp.port == 443” as Wireshark filter and see only HTTPS packets.

Here is the explanation with screenshot

4. Public/Registered port:

When we run only UDP through Iperf we can see both source and destination ports are used from registered/public ports.

Here is the screenshot with explanation

5. Port 67, 68: Port 67,68 is used by DHCP. Let’s see one DHCP packet capture.

Now we put “udp.dstport == 67 || udp.dstport == 68” as Wireshark filter and see only DHCP related packets.

Here is the explanation with screenshot

Summary:

For port filtering in Wireshark you should know the port number.

In case there is no fixed port then system uses registered or public ports. Port filter will make your analysis easy to show all packets to the selected port.

ONET IDC thành lập vào năm 2012, là công ty chuyên nghiệp tại Việt Nam trong lĩnh vực cung cấp dịch vụ Hosting, VPS, máy chủ vật lý, dịch vụ Firewall Anti DDoS, SSL… Với 10 năm xây dựng và phát triển, ứng dụng nhiều công nghệ hiện đại, ONET IDC đã giúp hàng ngàn khách hàng tin tưởng lựa chọn, mang lại sự ổn định tuyệt đối cho website của khách hàng để thúc đẩy việc kinh doanh đạt được hiệu quả và thành công.
Bài viết liên quan

Find Files on Linux

Introduction Linux is an operating system family which makes use of the Linux kernel. The operating systems under the Linux...
28/12/2020

Linux tar Command

Tar is a tool that’s used for managing compressed archive files. The term “tar” stands for “tape archive”. It...
29/12/2020

VMWare vs VirtualBox

VMware and VirtualBox are both the top two popular desktop virtualization options. They are both supported on Windows,...
28/12/2020
Bài Viết

Bài Viết Mới Cập Nhật

Lý do tại sao bạn nên sử dụng proxy khi truy cập web đen
27/02/2023

Các lỗi thường gặp khi sử dụng proxy và cách khắc phục chúng.
27/02/2023

Tác động của việc sử dụng proxy đến tốc độ kết nối internet của bạn.
27/02/2023

Các tiện ích và công cụ để quản lý proxy.
27/02/2023

Các cách để kiểm tra tốc độ và độ ổn định của proxy.
27/02/2023