Wireshark map/resolve ip & ports combination to different service names
I have a sip application server which have multiple service having same IP but different ports. Is it possible in wireshark to some how map/resolve ip & ports combination to different services names?
Comments
Where would the "service name" be displayed or how would it be used?
A sip server is having multiple logical application servers. All these logical application servers have same IP address but different ports. During a call traffic flows from logical server 1 with port 5060 then goes out to another sip server which then sends call towards logical server 2 with port 5070.
You can set coloring rules for conversations but that would only be available in the packet list.
Did you want "service name" to be displayed in the Packet Details or searchable with a Display Filter?
Problem is I am not able to identify (unless I remember all ports used by different logical servers) which logical server is being used by checking the pcap trace. Currently I am using host file to resolve ip address but as host file can't have port details it becomes difficult to troubleshoot issues in the network.
The documentation could be a little clearer. You can have a services file per profile.
Would mapping the port number to a service name help?
It would require maintaining and switching to a profile based on which server the pcap is for.