Reading the Application Info

Feb 26, 2015 at 4:06 AM
Dear All,
I have used this library to parse the Pcap. How can I filter the packets by the top known application like Skype, Facebook .

Please help me
Coordinator
Feb 27, 2015 at 1:04 PM
Hi sajukassim,

I don't think there's an easy way to do that.
Do you manage to filter such packets using Wireshark?

Boaz.
Feb 27, 2015 at 9:12 PM
Dear Brickner ..
Thank you very much for your early response..

As per the following Wireshark forum, it is not there...

Now I will look by the host address like.. Skype.net, www.facebook,com ect.

Which propery I can use for this info.
Also the protocol shows a number while parsing..
How can I get theprotocol like TCP,UDP ect...


https://ask.wireshark.org/questions/37227/filter-by-processpid-in-wireshark
Coordinator
Feb 28, 2015 at 10:35 AM
Edited Feb 28, 2015 at 10:37 AM
For the host address you can look at
packet.Ethernet.IpV4.Source 
or
packet.Ethernet.IpV4.Destination.
For the protocol just use
packet.Ethernet.IpV4.Protocol