From a wireshark capture I have to sort out all the packets a given port (source or destination) , say port 443, 1080 is involved in communication. For that purpose I am using matshark (an open source tool ) which looks like
In the command window
If we type
>> b = matshark('28mar.pcap', {'frame.number', 'ip.src' , 'ip.dst', 'tcp.dstport','tcp.srcport'}, 'ip.version eq 4')b = 1x1295 struct array with fields: frame_number ip_src ip_dst tcp_dstport tcp_srcport>> b(5)ans = frame_number: 5 ip_src: '46.45.178.252' ip_dst: '172.20.113.214' tcp_dstport: 49234 tcp_srcport: 443 b(5) gives the output of the frame number 5 , the fields value we desired for , in this case we desired for ip.src ip.dest , dest port and source port.Question 1. can we make a matrix out of the above with 1295×5(fields) dimesnsion. Something like
Frame.number ip_src ip_dst tcp_dstport tcp_srcport1 172.20.10.23 85.17.72.66 80 523452 66.23.46.134 172.20.10.23 80 443……Question 2. We have to sort out all the packets where tcp.dstport = 80 or 443 or anything (sorry for not showing up the whole packet)
Hope I didn’t mess out the question much , you may need to get a capture by tcpdump or wireshark for getting a sample pcap .
P.S. – Matshark is a must tool for above exercise.
if you can suggest another way of sorting out packets associated with a particular port in wireshark also , it would be good but i would prefer going for a program hint.
Best Answer