How to Filter By Port in Wireshark

29/12/2020
Chưa phân loại

What is port filtering?

Port filtering is the way of filtering packets based on port number. To know more about filter by IP in Wireshark, please follow below link:
https://linuxhint.com/filter_by_ip_wireshark/

Intention of the article:

In this article we will try to understand some well know ports through Wireshark analysis.

What are the important ports?

There are many types of port. Here is the summary:

  • Ports 0 to 1023 are Well-Known Ports.
  • Ports 1024 to 49151 are Registered Ports.
  • Ports 49152 to 65535 are Public Ports.

Analysis in Wireshark:

Before we use filter in Wireshark we should know what port is used for which protocol. Here are some examples:

Protocol [Application] Port Number
TCP [HTTP] 80
TCP [FTP Data] 20
TCP [FTP Control] 21
TCP/UDP [Telnet] 23
TCP/UDP [DNS] 53
UDP [DHCP] 67,68
TCP [HTTPS] 443

1. Port 80: Port 80 is used by HTTP. Let’s see one HTTP packet capture.

Here 192.168.1.6 is trying to access web server where HTTP server is running. So destination port should be port 80. Now we put “tcp.port == 80” as Wireshark filter and see only packets where port is 80.

Here is the explanation screenshot

2. Port 53: Port 53 is used by DNS. Let’s see one DNS packet capture.

Here 192.168.1.6 is trying to send DNS query. So destination port should be port 53. Now we put “udp.port == 53” as Wireshark filter and see only packets where port is 53.

3. Port 443: Port 443 is used by HTTPS. Let’s see one HTTPS packet capture.

Now we put “tcp.port == 443” as Wireshark filter and see only HTTPS packets.

Here is the explanation with screenshot

4. Public/Registered port:

When we run only UDP through Iperf we can see both source and destination ports are used from registered/public ports.

Here is the screenshot with explanation

5. Port 67, 68: Port 67,68 is used by DHCP. Let’s see one DHCP packet capture.

Now we put “udp.dstport == 67 || udp.dstport == 68” as Wireshark filter and see only DHCP related packets.

Here is the explanation with screenshot

Summary:

For port filtering in Wireshark you should know the port number.

In case there is no fixed port then system uses registered or public ports. Port filter will make your analysis easy to show all packets to the selected port.

ONET IDC thành lập vào năm 2012, là công ty chuyên nghiệp tại Việt Nam trong lĩnh vực cung cấp dịch vụ Hosting, VPS, máy chủ vật lý, dịch vụ Firewall Anti DDoS, SSL… Với 10 năm xây dựng và phát triển, ứng dụng nhiều công nghệ hiện đại, ONET IDC đã giúp hàng ngàn khách hàng tin tưởng lựa chọn, mang lại sự ổn định tuyệt đối cho website của khách hàng để thúc đẩy việc kinh doanh đạt được hiệu quả và thành công.
Bài viết liên quan

Setup a Kubernetes Cluster on DigitalOcean

Kubernetes is one of the few technologies that people struggle with not because it is complicated and hard to understand,...
28/12/2020

Top 7 Best Linux Terminals

It doesn’t matter if you’re a casual Linux user or a season system administrator, a good terminal emulator can vastly...
29/12/2020

[Rsyslog] [ApacheLog] [LAB] [Phần 2] Hướng dẫn cấu hình đẩy Log Apache về Ryslog Server

Tiếp nối phần 1, ở phần 2 mình sẽ hướng dẫn 2 cách đẩy Log Apache về Server Log tập trung. ...
30/12/2020
Bài Viết

Bài Viết Mới Cập Nhật

mua Proxy riêng ở đâu, và nó đem lại lợi ích gì cho người sử dụng
22/11/2022

Hướng dẫn sử dụng Proxy Helper Fakeip khi thuê proxy
21/11/2022

PROXY NUÔI TÀI KHOẢN FACEBOOK – KINH NGHIỆM FAKE IP – THUÊ PROXY GIÁ RẺ
14/11/2022

Mua Proxy Nuôi Zalo Giá Rẻ Tại Onet.com.vn
14/11/2022

BẢNG GIÁ MUA PROXY VIỆT NAM và PROXY US Onet.com.vn
14/11/2022