Wireshark-dev: Re: [Wireshark-dev] Not able to apply diaplay filter for Gnutella
S H wrote:
Thanks for the reply.
I have 2 Gnutella clients Bearshare and Limewire. I start these P2P
applications. start Wireshark sniffing tool, and capture packets. I want
to sort these captured packets by protocol name. I tried "gnutella"
string as a display filter. It filtered out all the packet, the result
is nothing. But if I sort packets by port number, I am getting some
result for ex if I applied tcp.port==6346 (Gnutella port number), as a
display filter, I am getting filtered output with port number 6346. I
tried Kazaa also, no result with the protocol name. Bittorrent is
working with "bittorrent" as a display filter string.
Hmm, the Gnutella dissector registers for TCP port 6346 so it looks like
it should be picking up those packets. What is Wireshark labeling those
packets on port 6346? (What does the Info column say?)
Do you have the TCP option "Try heuristic subdissectors first?"
(Edit->Preferences->Protocols->TCP) turned on? If so, try turning it off.
If that doesn't help you could try sending a small sample capture to the
mailing list.