Endpoints in Wireshark

Last Updated : 29 Sep, 2022

An “Endpoint”, in simple terms, is the logical endpoint that communicates back and forth with the network to which it is connected. It refers to a unit at the end of a communication channel. Endpoints are designed to perform specific or limited functions. In a network, an endpoint is the logical endpoint of the traffic of a specific protocol at a specific protocol layer. An IP endpoint will only send and receive packets to and from specific IP addresses. In Wireshark, a Conversation takes place between two Endpoints; each Endpoint is one side of the Conversation.

Endpoints Tool in Wireshark: 

To view the “endpoint statistics”, follow the steps below:

  • Start Wireshark by selecting the network we want to analyze.
  • In Wireshark, click the Statistics → Endpoints menu or toolbar item.

Figure: Wireshark Statistics Menu

This will then bring up Wireshark’s endpoint statistic window.

Figure: Wireshark Endpoints on WiFi

The screenshot above displays statistics about the captured endpoints. Endpoints are similar to conversations: the window lists all the devices seen at each type of layer, with details about each. We can see the layers of endpoints, which are Ethernet, IPv4, IPv6, and TCP or UDP.

Endpoint and Conversation types:

  • Bluetooth: A 48-bit MAC address similar to Ethernet.
  • Ethernet: Similar to the Ethernet device’s 48-bit MAC address.
  • Fibre Channel: A 48-bit MAC address similar to Ethernet.
  • IEEE 802.11: A 48-bit MAC address similar to Ethernet.
  • FDDI: The 48-bit FDDI MAC address.
  • IPv4: Similar to the 32-bit IPv4 address.
  • IPv6: Similar to the 128-bit IPv6 address.
  • IPX: A 32-bit network number followed by a 48-bit node address; by default, the node address is a 48-bit MAC address similar to Ethernet.
  • JXTA: A 160-bit SHA-1 URN.
  • NCP: Similar to IPX.
  • RSVP: A combination of various RSVP session attributes and IPv4 addresses.
  • SCTP: The combination of the host IP addresses and the SCTP port. SCTP endpoints are different when the IP addresses are the same and the SCTP port is different, but the same SCTP port on different IP addresses of the same host is still the same endpoint.
  • TCP: An IP address followed by the TCP port used. TCP endpoints are different if the TCP ports on the same IP address are different.
  • Token Ring: The 48-bit Token Ring MAC address.
  • UDP: An IP address followed by the UDP port used. UDP endpoints are different if the UDP ports on the same IP address are different.
  • USB: Similar to the 7-bit USB address.

Controls of Endpoint Statistic Window:

  • In the endpoint statistic window, each supported protocol has a separate tab. Each tab label shows the name of the protocol followed by the number of endpoints captured (for example, the tab label “TCP 37” tells us that 37 TCP endpoints have been captured). The tab label is greyed out if the number of endpoints of a specific protocol is 0.
  • Each tab of a specific protocol has a list of rows. Each row displays the values for exactly one endpoint.
  • The Name Resolution checkbox will be checked only if it is selected in the main window and if it is active for the specific protocol layer.
  • Limit to display filter will only display endpoints matching the current display filter.
  • Endpoint Types allows us to select which protocol types will be displayed.
  • The Copy option copies all the values in that specific tab to the clipboard in CSV, YAML, or JSON format.
  • The Map option displays the endpoints mapped in the web browser.
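
To make the per-layer endpoint definitions and the tab counts concrete, here is an added example (not part of the original article and not Wireshark's own code) that builds endpoint tables from a few constructed packet records. The record layout, the addresses and the function names are assumptions made for illustration; the counters are modelled on the packet and byte totals, sent and received, that each row of the window reports.

```python
from collections import defaultdict

# Constructed sample capture (not real traffic). Each record is:
# (src_mac, dst_mac, src_ip, dst_ip, transport, src_port, dst_port, frame_bytes)
HOST, GW = "02:00:00:00:00:01", "02:00:00:00:00:fe"
PACKETS = [
    (HOST, GW, "192.168.1.10", "198.51.100.7", "TCP", 50312, 443, 74),
    (GW, HOST, "198.51.100.7", "192.168.1.10", "TCP", 443, 50312, 74),
    (HOST, GW, "192.168.1.10", "198.51.100.7", "TCP", 50313, 443, 66),
    (HOST, GW, "192.168.1.10", "192.168.1.1", "UDP", 53124, 53, 80),
    (GW, HOST, "192.168.1.1", "192.168.1.10", "UDP", 53, 53124, 120),
]

def _new_row():
    return {"packets": 0, "bytes": 0, "tx_packets": 0, "tx_bytes": 0,
            "rx_packets": 0, "rx_bytes": 0}

def endpoint_tables(packets):
    """Return {layer: {endpoint: counters}}, one table per protocol tab."""
    tables = defaultdict(lambda: defaultdict(_new_row))
    for smac, dmac, sip, dip, proto, sport, dport, size in packets:
        # The endpoint key differs per layer: a MAC address, an IP address,
        # or an (IP address, port) pair for TCP and UDP.
        layers = [("Ethernet", smac, dmac),
                  ("IPv4", sip, dip),
                  (proto, (sip, sport), (dip, dport))]
        for layer, src, dst in layers:
            for endpoint, direction in ((src, "tx"), (dst, "rx")):
                row = tables[layer][endpoint]
                row["packets"] += 1
                row["bytes"] += size
                row[direction + "_packets"] += 1
                row[direction + "_bytes"] += size
    return tables

def tab_labels(tables):
    """Protocol name followed by endpoint count, like the tab label 'TCP 37'."""
    return [f"{layer} {len(rows)}" for layer, rows in sorted(tables.items())]

if __name__ == "__main__":
    tables = endpoint_tables(PACKETS)
    print(tab_labels(tables))
    for endpoint, row in tables["TCP"].items():
        print(endpoint, row)
```

The host 192.168.1.10 is a single IPv4 endpoint but two TCP endpoints, because it used two different source ports. An address or port in these tables that does not belong to a known host or service is a natural starting point for a display filter.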
