How do I limit packet capturing in Wireshark to only a specific protocol?
Solution 1
In the filter field enter tcp.port eq 8080
Ref.: Wireshark: Help -> Manual pages -" Wireshark Filter ...
As far as I know this is an alternate HTTP port in TCP only:
HTTP alternate (http_alt)—commonly used for Web proxy and caching server, or for running a Web server as a non-root user and Apache Tomcat in TCP only
Ref.: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Hope this help. Let us know. :)
Solution 2
You can also use a capture filter to filter out the udp packets:
not udp port 1900
You can find more information about capture filters in the Wireshark User's Guide or the Wireshark Wiki.
Solution 3
tcp.port == 8080
Related videos on Youtube
Comments
-
Jonas over 1 year
I would like to listen to HTTP traffic on port 8080. When I start capturing packets in Wireshark, it's flooded by packets using the SSDP protocol on port 1900. I would like to limit the packet capturing to only HTTP or maybe only HTTP on port 8080. How can I do this in Wireshark?
On
File > Preferences...
and underProtocols
I have removed the 1900 port from HTTP and 8080 is already there.I have typed
http
in the "Filter" textfield, but it doesn't seem to have any effect. -
Jonas about 12 yearsThis returns a syntax error message.
-
Admin about 12 yearsDid you use it a a display filter? This is a capture filter (not a display filter). You have to add it before you start capturing: Wireshark Capture | Options Add the capture and hit start. If you want to use Tshark to capture packets: $ tshark -i 4 -f "not udp port 1900" -w not_udp.pcap
-
Jonas about 12 yearsYou can edit your other answer instead of posting another one.
-
Hippyjim almost 11 yearsThis tells me it's not a valid capture filter, and i should use a display filter - any ideas?