Wireshark-dev: Re: [Wireshark-dev] Not able to apply diaplay filter for Gnutella

From: "S H" <sp2ptest@xxxxxxxxx>
Date: Wed, 25 Apr 2007 13:33:15 -0700
Thanks for the reply.
I have 2 Gnutella clients Bearshare and Limewire. I start these P2P applications. start Wireshark sniffing tool, and capture packets. I want to sort these captured packets by protocol name. I tried "gnutella" string as a display filter. It filtered out all the packet, the result is nothing. But if I sort packets by port number, I am getting some result for ex if I applied tcp.port==6346 (Gnutella port number), as a display filter, I am getting filtered output with port number 6346. I tried Kazaa also, no result with the protocol name. Bittorrent is working with "bittorrent" as a display filter string.
Thanks,
SH

On 4/24/07, Jeff Morriss <jeff.morriss@xxxxxxxxxxx> wrote:


S H wrote:
> Hi,
> I am testing display filter for P2P protocol.  I captured network
> packet, which has Gnutella packets. I want to apply display filter for
> Gnutella and identify Gnutella.  I can test bittorrent P2P application
> by "bittorrent" name in the display filter field, it does work. I am not
> able to test Gnutella, or any other protocol by using display filter as
> "Gnutella". Does anybody knows how to apply display filter for Gnutella
> or any other P2P protocol. Any help would be appreciated.

Do you see Gnutella packets and just can't filter for them?

Did you try "gnutella" (note the lower case "g")?

Else you might want to try changing the port number used by the Gnutella
dissector (Edit->Preferences->Protocols->Gnutella).

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev