Exploring TCP ports

In Wireshark, you can resolve physical, network, and transport addresses. The packet capture, HTTP.cap, uses transport layer name resolution so that whenever a well-known or registered port is used, Wireshark will identify the application associated with the port number.

The following lists the port numbers, along with the generated information Wireshark provides, such as Stream Index and Segment Length:

  • Source port 16-bit: This is the port on the sender side. In frame 5, the sender is most likely a web server, as the value is Source Port: http (80).
  • Destination port 16-bit: This is the port on the receiver (client) side that tells the sender, "When you deliver the data, use this port." In this case, the value is Destination Port: 57678 (57678), which is not associated with any application; it is an ephemeral, or temporarily assigned, port that is used in this connection. As a result, you will not see a protocol listed before the port number.
  • Stream index: This value is shown in brackets, as Wireshark calculates this to keep track of the streams. A stream is a communication between two endpoints. In frame 5, we can see [Stream index: 0], which means this is the first stream in this capture. This value is a useful tool when doing an analysis, as you can easily right-click on a frame and select Follow | [TCP, UDP, SSL, HTTP] stream, as shown in the following screenshot:

Following the stream
  • TCP segment length: In the transport layer, the PDU is a segment. The segment length is the size of the TCP payload, that is, the data that follows the TCP header and any options. This value is in brackets, as it is calculated by Wireshark. In frame 5, we can see [TCP Segment Length: 0]. This means there is no data following the header, which makes sense, as frame 5 is an acknowledgment of the data received in frame 4.
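
As an added example (not from the book and not Wireshark's code), the following Python derives the values described above from raw bytes: the two 16-bit ports, the segment length computed from the header lengths, and a stream index. The packets, addresses, and the names build, parse_tcp, and StreamTracker are constructed for illustration, and numbering streams by endpoint pair in order of first appearance is a simplifying assumption.

```python
import struct

def parse_tcp(ip_packet: bytes) -> dict:
    """Parse an IPv4/TCP packet; return endpoints and the derived segment length."""
    ver_ihl, _tos, total_len = struct.unpack("!BBH", ip_packet[:4])
    if ver_ihl >> 4 != 4 or ip_packet[9] != 6:
        raise ValueError("not an IPv4 packet carrying TCP")
    ip_hlen = (ver_ihl & 0x0F) * 4
    tcp = ip_packet[ip_hlen:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port = struct.unpack("!HH", tcp[:4])  # two 16-bit fields
    tcp_hlen = (tcp[12] >> 4) * 4  # data offset in 32-bit words, options included
    if not 20 <= tcp_hlen <= len(tcp):
        raise ValueError("bad TCP data offset")
    return {"src": (ip_packet[12:16], src_port),
            "dst": (ip_packet[16:20], dst_port),
            "segment_length": len(tcp) - tcp_hlen}  # payload after header + options

class StreamTracker:
    """Simplified stream numbering: endpoint pairs in order of first appearance."""
    def __init__(self):
        self._streams = {}

    def index(self, seg: dict) -> int:
        key = frozenset((seg["src"], seg["dst"]))  # same key for both directions
        return self._streams.setdefault(key, len(self._streams))

def build(src_ip, sport, dst_ip, dport, payload=b"", options=b""):
    """Constructed sample packet (zero checksums); not taken from HTTP.cap."""
    offset = ((20 + len(options)) // 4) << 4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, offset, 0x10, 65535, 0, 0)
    tcp += options + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(src_ip), bytes(dst_ip))
    return ip + tcp

def demo():
    server, client = [192, 0, 2, 10], [198, 51, 100, 7]  # documentation addresses
    packets = [
        build(client, 57678, server, 80, payload=b"GET / HTTP/1.1\r\n\r\n"),
        build(server, 80, client, 57678, options=b"\x01\x01\x08\x0a" + bytes(8)),
        build(client, 57679, server, 80, payload=b"x" * 5),
    ]
    tracker, rows = StreamTracker(), []
    for pkt in packets:
        seg = parse_tcp(pkt)
        rows.append((seg["src"][1], seg["dst"][1], tracker.index(seg), seg["segment_length"]))
    return rows
```

Calling demo() returns one (source port, destination port, stream index, segment length) tuple per packet; the second packet is a bare acknowledgment carrying 12 bytes of options, so its segment length is 0, as with frame 5.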

Next, we'll take a look at the fields that keep track of the data that's sent and received during data transmission.
