This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Mapping a well known protocol to a custom port

1

I have an http server that listens on port XXXX where XXXX is not 80 or 8080. Wireshark does not recognize the traffic to the server as http. What can I do to map port XXXX to http.

asked 01 Jul '12, 14:52

dheerajrs's gravatar image

dheerajrs
16112
accept rate: 0%

Maybe a patch is required to automatically do this?

(12 May '13, 15:38) gak

3 Answers:

6

The non-standard http port can be specified by setting one of the HTTP preferences

In Wireshark do:

Edit ! Preferences ! Protocols ! HTTP

answered 01 Jul '12, 15:00

Bill%20Meier's gravatar image

Bill Meier ♦♦
3.2k1850
accept rate: 17%

This works but only with HTTP and SSL.

(12 May '13, 15:38) gak

In order to specify this on the command line, you can use: wireshark -o http.ssl.port:4433 (port 4433 for HTTPS) and wireshark -o http.tcp.port:8080 (port 8080 for HTTP). It should also be possible to specify range (8080-8082,8084), but I haven't tested that.

(13 Sep '13, 05:17) Lekensteyn

2

For HTTP, you can add additional ports in the HTTP preferences as Bill explained. In a more general manner you can always use "Decode As..." to specifically decode some traffic as a certain protocol. You can rightclick on a packet and choose "Decode As...".

answered 01 Jul '12, 22:25

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

0

do edit the preferences file, add the specified port no in the list of pre-configured port nos list.That will solve the problem.

answered 15 May '13, 22:24

Sanny_D's gravatar image

Sanny_D
0182021
accept rate: 50%