Hi,
I use wireshark to capture mobile application traffic but my problem is how can I segregate traffic for a particular application. Since other apps continue to communicate with their respective servers or even if no application is opened, there is background traffic for other system processes.
Is there any filter I can use?
Thanks.
You probably want a display filter on TCP (or UDP) port. Most applications will use a specific port along with protocol (TCP or UDP) to identify which specific application is sending and receiving the data on the network.
Here is an older question with some details: https://osqa-ask.wireshark.org/questions/41300/filter-with-destination-port .
Here is some info as well.
Do you know which port and protocol your specific application uses?
It is possible to do a capture filter where only the specific traffic you want is captured and saved for analysis. I don't recommend this in the beginning until you know exactly what you are looking for so I would capture everything then use display filters to hide the trivial many packets from the critical few you are looking for.
Comments