Wireshark · Wireshark-users: [Wireshark-users] Summary View Info Column

Wireshark-users: [Wireshark-users] Summary View Info Column

From: "Keith French" <keithfrench@xxxxxxxxxxxxx>

Date: Fri, 28 Mar 2008 11:06:25 -0000

When a TCP session is initialised or closed, the TCP SYN & FIN handshakes shows the port numbers at the start of the Info column in the Summary view within Wireshark. This always used to take the format (in the case of a SYN) of the unresolved source port followed by the destination resolved port. So you might see something like:-

4000 > http [SYN]

In recent versions of Wireshark this behaviour seems to have changed, in that it tries to resolve the source port of the SYN as well. The name it resolves it to (on my PC anyway) is often misleading:-

qsnet-trans > http [SYN]

I have looked in the preferences, but cannot find anywhere to force the info column to display this port unresolved (i.e. just it's port number).

Is there a way to do this?

Keith French.

Follow-Ups:
- Re: [Wireshark-users] Summary View Info Column
  - From: Andrew Hood
- Re: [Wireshark-users] Summary View Info Column
  - From: Stephen Fisher

Prev by Date: Re: [Wireshark-users] Wireshark-users_Digest,_Vol_22,_Issue_75
Next by Date: [Wireshark-users] Whireshark 0.99.7 can't find libgnutls.so.13 on Solaris 10
Previous by thread: Re: [Wireshark-users] Wireshark-users_Digest,_Vol_22,_Issue_75
Next by thread: Re: [Wireshark-users] Summary View Info Column
Index(es):
- Date
- Thread