I captured Bitcoin protocol communication in real time, and it is presented in fig1 and fig2.
In the red box, there are many types of commands.
How can Wireshark detect Bitcoin communication and parse it? I think the packet that the socket sends may have something that I don't know about.
In the red box of fig2, you can see many properties of the packet. This is definitely defined by the software program, not by hardware such as a router. The real data that the client sends is really just hex data which is encoded by a specific rule.
How can Wireshark parse the data received? The Bitcoin client can parse it because it knows the rule, but Wireshark doesn't know anything, since Wireshark is a third-party program which has no relation to the Bitcoin software.
Sorry for my English.
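The "specific rule" mentioned above is the publicly documented Bitcoin P2P message header (4-byte network magic, 12-byte NUL-padded command, 4-byte little-endian payload length, 4-byte double-SHA-256 checksum), so any third-party tool can decode it. The following is an added example, not part of the original post and not Wireshark's own dissector code; the function names `dissect` and `build` are hypothetical and the sample messages are constructed.

```python
import hashlib
import struct

HEADER = struct.Struct("<4s12sI4s")  # magic, command, payload length, checksum
MAGICS = {b"\xf9\xbe\xb4\xd9": "mainnet", b"\x0b\x11\x09\x07": "testnet3"}


def checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def build(command: str, payload: bytes = b"") -> bytes:
    """Construct a mainnet message (sample input for this example only)."""
    header = HEADER.pack(b"\xf9\xbe\xb4\xd9", command.encode("ascii"),
                         len(payload), checksum(payload))
    return header + payload


def dissect(data: bytes):
    """Return decoded header fields, or None if the bytes are not a Bitcoin message."""
    if len(data) < HEADER.size:
        return None
    magic, raw_cmd, length, csum = HEADER.unpack_from(data)
    if magic not in MAGICS:
        return None  # unknown magic: not this protocol, leave it to another parser
    name, _, padding = raw_cmd.partition(b"\x00")
    if padding.strip(b"\x00") or not name.isalnum():
        return None  # command must be ASCII text, NUL-padded to 12 bytes
    payload = data[HEADER.size:HEADER.size + length]
    complete = len(payload) == length  # False when the capture is truncated
    return {
        "network": MAGICS[magic],
        "command": name.decode("ascii"),
        "length": length,
        "complete": complete,
        "checksum_ok": complete and checksum(payload) == csum,
    }


if __name__ == "__main__":
    # Constructed samples: two Bitcoin messages and one unrelated HTTP request.
    http = b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"
    for sample in (build("verack"), build("ping", bytes(8)), http):
        print(dissect(sample))
```

The same idea applies to a dissector: recognise the magic bytes at the start of the TCP payload, then label the fixed-offset fields that follow.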