
Identifying source & destination port #'s


New to Wireshark. Not wanting anyone to spend too much time in answering this question. Trying to be polite. If you want to refer me to a specific article or example, that would be great.

In conjunction with studying for CCNA ... was looking for some help with the following.

Example: If I typed www.bing.com into my web browser ... and I was successful in accessing the site. And then I performed a ping to www.bing.com, which was successful. I see from the ping response that I can determine [www.bing.com]'s Destination IP address = 2620:1ec:c11::200.

If I open, for example, a PowerShell session and run a 'netstat' command to view my PC's network activity:

I can see relatively easily that the Destination Port # is 443, which is the [default] for HTTPS.

But, due to how much information is populated by the 'netstat' command, I cannot figure out my PC's exact [source port #] for my particular web request to www.bing.com.

Can a Wireshark capture assist me with determining my PC's specific [source port #] that was used during the web search?

I know my PC's IP address. I know how to set a TCP protocol filter in Wireshark. Just not too savvy, for example, in finding a specific 'source port #'. Could anyone possibly assist?

Thank you! secrseel

secrseel
asked 2019-06-23 05:27:06 +0000
Jaap
updated 2019-06-23 05:44:58 +0000


1 Answer


Few things.

The browser opens one (or more) TCP connections to the bing server to get the HTTP page information, but then closes them once the pages are received. Therefore you won't see them using netstat because they would be long gone before you can look.

Wireshark on the other hand captures the network traffic as it happens. So it can show you the TCP packets involved and therefore the port numbers involved in these connections. Find the TCP packets with the correct IP addresses (yours and bing's) and then look at the TCP layer details. It shows you the port number at bing's end (443) and the port number at your end.

Jaap
answered 2019-06-23 06:02:09 +0000
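
The lookup described in the answer (find the TCP packets between the two IP addresses, then read the ports from the TCP layer), as an added example that is not part of the original answer. It generalizes slightly by handling both IPv4 and IPv6 and assumes Ethernet framing with no IPv6 extension headers; the local address, the port numbers and the sample frames are constructed.

```python
import ipaddress
import struct

def tcp_endpoints(frame):
    """Return (src_ip, src_port, dst_ip, dst_port) for a TCP-over-Ethernet frame, else None."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    ip = frame[14:]
    if ethertype == 0x0800 and len(ip) >= 20:            # IPv4
        ihl = (ip[0] & 0x0F) * 4                         # header length varies with options
        proto, src, dst, l4 = ip[9], ip[12:16], ip[16:20], ip[ihl:]
    elif ethertype == 0x86DD and len(ip) >= 40:          # IPv6: fixed 40-byte header
        proto, src, dst, l4 = ip[6], ip[8:24], ip[24:40], ip[40:]  # assumes no extension headers
    else:
        return None
    if proto != 6 or len(l4) < 4:                        # 6 = TCP
        return None
    sport, dport = struct.unpack("!HH", l4[:4])          # ports are the first 4 TCP header bytes
    return ipaddress.ip_address(src), sport, ipaddress.ip_address(dst), dport

def local_ports(frames, remote_ip, remote_port=443):
    """Collect the client-side port of every connection to remote_ip:remote_port."""
    remote = ipaddress.ip_address(remote_ip)
    ports = set()
    for frame in frames:
        ep = tcp_endpoints(frame)
        if ep is None:
            continue
        src, sport, dst, dport = ep
        if dst == remote and dport == remote_port:       # outbound: our port is the source
            ports.add(sport)
        elif src == remote and sport == remote_port:     # reply: our port is the destination
            ports.add(dport)
    return sorted(ports)

def build_frame(src, sport, dst, dport, flags):  # constructed Ethernet/IPv6/TCP test frame
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags, 64240, 0, 0)
    ip6 = struct.pack("!IHBB", 6 << 28, len(tcp), 6, 64)
    ip6 += ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    return bytes(12) + b"\x86\xdd" + ip6 + tcp

BING = "2620:1ec:c11::200"   # address from the question
PC = "2001:db8::10"          # constructed local address (documentation prefix)
SAMPLE = [                   # constructed frames, not a real capture
    build_frame(PC, 52344, BING, 443, 0x02),             # SYN
    build_frame(BING, 443, PC, 52344, 0x12),             # SYN/ACK
    build_frame(PC, 52345, BING, 443, 0x02),             # second connection to the same server
    build_frame(PC, 52350, "2001:db8::53", 443, 0x02),   # different server, ignored
]
```

`local_ports(SAMPLE, BING)` returns one port per connection, which matches the answer's point that a browser may open more than one TCP connection to the same server.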

Comments

Jaap, first of all, thank you for cleaning up my horrible entry of my first question to Wireshark. I will become better at submitting properly. Thank you for your help. Secondly, thank you for taking the time to answer my question. It was very informative, and I am very appreciative of your help.

secrseel

secrseel (2019-06-23 06:25:48 +0000)
