Sorting packets for particular ports in Matshark, Wireshark
From a Wireshark capture I have to sort out all the packets in which a given port (source or destination), say port 443, 1080, is involved in communication. For that purpose I am using matshark (an open source tool), which looks like
In the command window
If we type
>> b = matshark('28mar.pcap', {'frame.number', 'ip.src' , 'ip.dst', 'tcp.dstport','tcp.srcport'}, 'ip.version eq 4')
b =
1x1295 struct array with fields:
frame_number
ip_src
ip_dst
tcp_dstport
tcp_srcport
>> b(5)
ans =
frame_number: 5
ip_src: '46.45.178.252'
ip_dst: '172.20.113.214'
tcp_dstport: 49234
tcp_srcport: 443
b(5) gives the output for frame number 5, with the field values we asked for; in this case we asked for ip.src, ip.dest, dest port and source port.
Question 1. Can we make a matrix out of the above with 1295x5 (fields) dimension? Something like
Frame.number   ip_src          ip_dst          tcp_dstport   tcp_srcport
1              172.20.10.23    85.17.72.66     80            52345
2              66.23.46.134    172.20.10.23    80            443
……
Question 2. We have to sort out all the packets where tcp.dstport = 80 or 443 or anything (sorry for not showing the whole packet).
Hope I didn't mess up the question much; you may need to get a capture with tcpdump or Wireshark to get a sample pcap.
P.S. – Matshark is a must-have tool for the above exercise.
If you can suggest another way of sorting out packets associated with a particular port in Wireshark also, it would be good, but I would prefer going for a program hint.
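An added example, not part of the original post and not matshark's own code: one way to turn a struct array with the fields shown above into a 5-column table and keep only the rows where a chosen port appears as source or destination. The sample `b` is constructed inline so the snippet runs without a pcap (frames 1, 2 and 5 reuse values from the post, frames 3 and 4 are made up), and the assumption that a non-TCP packet yields empty port fields is mine.

```matlab
% Constructed stand-in for the matshark output shown in the post.
% Frame 4 imitates a non-TCP IPv4 packet: its port fields are empty
% (assumed behaviour, not confirmed by the post).
b = struct( ...
    'frame_number', {1, 2, 3, 4, 5}, ...
    'ip_src', {'172.20.10.23', '66.23.46.134', '192.0.2.10', ...
               '192.0.2.10', '46.45.178.252'}, ...
    'ip_dst', {'85.17.72.66', '172.20.10.23', '192.0.2.20', ...
               '192.0.2.20', '172.20.113.214'}, ...
    'tcp_dstport', {80, 80, 1080, [], 49234}, ...
    'tcp_srcport', {52345, 443, 50001, [], 443});

% Replace empty port values with NaN so struct2table builds numeric
% columns instead of cell columns.
portFields = {'tcp_dstport', 'tcp_srcport'};
for k = 1:numel(portFields)
    f = portFields{k};
    isEmpty = cellfun(@isempty, {b.(f)});
    if any(isEmpty)
        [b(isEmpty).(f)] = deal(NaN);
    end
end

% Question 1: one row per frame, one column per field.
T = struct2table(b);

% Question 2: keep frames where a wanted port is source OR destination.
wantedPorts = [80 443];
hit = ismember(T.tcp_dstport, wantedPorts) | ...
      ismember(T.tcp_srcport, wantedPorts);
T_ports = sortrows(T(hit, :), {'tcp_dstport', 'frame_number'});

disp(T_ports)   % frames 1, 2 and 5 remain; 3 (port 1080) and 4 (no TCP) drop out
```

In Wireshark itself the display filter `tcp.port == 443` matches packets with that port on either side; the third argument in the post's matshark call ('ip.version eq 4') uses the same filter syntax.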