When a TCP session is initialised or closed, the TCP SYN & FIN handshakes shows
the port numbers at the start of the Info column in the Summary view within
Wireshark. This always used to take the format (in the case of a SYN) of the
unresolved source port followed by the destination resolved port. So you might
see something like:-
4000 > http [SYN]
In recent versions of Wireshark this behaviour seems to have changed, in that
it tries to resolve the source port of the SYN as well. The name it resolves it
to (on my PC anyway) is often misleading:-
qsnet-trans > http [SYN]
I have looked in the preferences, but cannot find anywhere to force the info
column to display this port unresolved (i.e. just it's port number).
Is there a way to do this?
Keith French.
_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
