This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How do you filter based on protocol?

0

I added my own dissector to Wireshark and compiled everything. I want to filter the packets so it only captures the ones that register as the "CDMI" protocol.

The protocol is an extension to HTTP on port 80 if that helps.

asked 10 Feb '11, 10:49

Rodayo


One Answer:

0

Capture filters have no knowledge about dissectors but are based on the BPF filtering rules. This is done to make them fast and safe to run in the kernel.

How is your "CDMI" protocol an extension to HTTP? Does it use its own methods instead of GET/POST? Or does it run on top of HTTP?

answered 10 Feb '11, 16:23

SYN-bit ♦♦

There will be an extra along with the HTTP ones:

...

X-CDMI-Specification-Version: 1.0 { ... }

...

But I figured this out yesterday, lol. Thanks anyways.

(11 Feb '11, 14:23) Rodayo
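
Added example, not part of the original thread: since a BPF capture filter can only narrow traffic by things like the port (for example `tcp port 80`), the CDMI-versus-plain-HTTP decision has to be made afterwards on the payload. The sketch below does that for already-extracted TCP payloads by checking for the `X-CDMI-Specification-Version` header mentioned above; the function names and sample payloads are constructed for illustration.

```python
# Added example: decide, after capture, which HTTP messages are CDMI.
# A BPF capture filter can narrow by port, but not by dissector name;
# the header check below is the part that has to run on the payload.

CDMI_HEADER = b"x-cdmi-specification-version"  # header name from the thread

def http_headers(payload: bytes) -> dict:
    """Parse the header block of one HTTP message into {lowercase name: value}."""
    head, _, _body = payload.partition(b"\r\n\r\n")  # ignore the body entirely
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the request/status line
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def is_cdmi(payload: bytes) -> bool:
    """True when the message looks like HTTP and carries the CDMI version header."""
    first = payload.split(b"\r\n", 1)[0]
    looks_http = (first.startswith(b"HTTP/")                          # response
                  or first.rsplit(b" ", 1)[-1].startswith(b"HTTP/"))  # request
    return looks_http and CDMI_HEADER in http_headers(payload)

def cdmi_only(payloads):
    """Keep only the payloads classified as CDMI, preserving order."""
    return [p for p in payloads if is_cdmi(p)]

# Constructed sample payloads (not taken from a real capture).
SAMPLES = [
    # plain HTTP request: no CDMI header
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    # CDMI request
    b"GET /container/ HTTP/1.1\r\nHost: example.test\r\n"
    b"X-CDMI-Specification-Version: 1.0\r\n\r\n",
    # CDMI response, header name in lowercase (names are case-insensitive)
    b"HTTP/1.1 200 OK\r\nx-cdmi-specification-version: 1.0\r\n"
    b"Content-Length: 2\r\n\r\n{}",
    # header text appears only in the body: must not match
    b"POST /note HTTP/1.1\r\nHost: example.test\r\nContent-Length: 34\r\n\r\n"
    b"X-CDMI-Specification-Version: 1.0",
    # non-HTTP bytes on the same port
    b"\x16\x03\x01\x00\x05hello",
]

if __name__ == "__main__":
    for p in cdmi_only(SAMPLES):
        print(p.split(b"\r\n", 1)[0].decode())
```
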