[Guy Harris <gharris@xxxxxxxxx>]

On Thu, Jan 02, 2003 at 03:23:09AM +0100, rmkml wrote:
> Which option can one use to do that (for specifier the port in tethereal) ?
> (like '-R' option dfilter expression)

There is no option that one can use to do that in Tethereal, as I said
in my message:

> > "Can I, in Tethereal, force traffic on port 81 to be treated as HTTP by
> > Tethereal?"
> >
> > The answer is "no", because nobody's written code to make it do so.  It
> > will be able to do so in the next version only if somebody contributes
> > code to make it do so.

If somebody wants to implement it, I would recommend *NOT* doing with
display filters, as there is no mechanism in the packet dissectors in
Ethereal/Tethereal to allow an arbitrary display filter to be used to
specify the next level of protocol to be used above a certain protocol,
and such a mechanism would require that protocol trees be constructed in
order to evaluate the display filter; constructing a protocol tree takes
CPU time, and it should be avoided if at all possible.

One could, instead, use the same mechanism that the "Decode As" menu
item uses, letting the user specify that a particular value in a
particular "dissector table" refer to a particular protocol, so that one
might do

	tethereal -Z tcp.port:81=http

or something such as that, specifying that a value of 81 in the
"tcp.port" dissector table should be interpreted as HTTP.  ("tcp.port"
here does *NOT* refer to the "tcp.port" field; dissector tables often
have a name that's the same as a field, but not all of them do, and most
fields are *NOT* associated with dissector tables.)