Ask Your Question

Revision history [back]

Most dissectors that run on tcp or udp explicitly register their association on specific ports, usually those registered with IANA or commonly used in practice and some dissectors have preference settings to allow ports (or a range) to be specified.

The association can be overridden by a user with the "Decode As ..." option.

Other dissectors are heuristic, in that they will inspect a number of octets in the data and determine if this is "their" protocol. Options exist to allow heuristic dissectors first run at data, rather than registered ones (tcp\udp; "Try heuristic dissectors first"). Heuristic dissectors can be fooled and wrongly dissect traffic that isn't "theirs", that's why the option to try them first is off by default.

The default port range for the HTTP dissector is 80,3128,3132,5985,8080,8088,11371,1900,2869,2710