Ethereal-users: Re: [Ethereal-users] force protocol

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 25 Nov 2003 12:08:07 -0800

On Tue, Nov 25, 2003 at 11:59:46AM -0800, cipz wrote:
> hi all, i wasn't able to find the answer by searching
> the ethereal site probably because i don't know the
> correct terminology for what i want to do.  a common
> trick of students at the college i go to is to change
> the AIM client port from 5190 to 23 thus spoofing as
> telnet traffic.  sadly, this is enough to get past the
> firewall, but my question is how do i force ethereal
> to examine data from/to tcp port 23 as the AIM
> protocol.
> 
> i know the data i'm looking at is AIM stuff, but
> ethereal analyzes it as if it were telnet data.  how
> do i change this?

Select one of the AIM packets, select "Decode As..." from the "Tools"
menu, make sure the "Transport" tab is the one that's selected (it is,
by default), select from the menu between "TCP" and "port(s)" the item
for port 23, select "AIM" from the list after "port(s) as", and click
"OK".
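
"Decode As..." changes the dissector for a capture you already suspect; to flag such sessions by content rather than by port, the payload framing can be checked directly. The following is an added example, not part of the original thread and not Ethereal's code: it classifies one direction of a reassembled TCP stream by AIM's FLAP framing (0x2A marker, channel 1-5, 16-bit sequence, 16-bit length). The function names and the sample bytes are constructed for illustration.

```python
import struct

FLAP_MARKER = 0x2A   # every AIM/OSCAR FLAP frame starts with '*'
FLAP_CHANNELS = {1: "new-connection", 2: "snac-data", 3: "error",
                 4: "close", 5: "keepalive"}
TELNET_IAC = 0xFF    # Telnet option negotiation starts with IAC


def parse_flap_frames(stream: bytes):
    """Walk a reassembled one-direction TCP stream as back-to-back FLAP frames.

    Returns (frames, clean): frames is a list of (channel, seq, payload);
    clean is True only if every byte of the stream was consumed as FLAP.
    """
    frames, offset = [], 0
    while offset + 6 <= len(stream):
        marker, channel, seq, length = struct.unpack_from(">BBHH", stream, offset)
        if marker != FLAP_MARKER or channel not in FLAP_CHANNELS:
            return frames, False
        end = offset + 6 + length
        if end > len(stream):      # declared length runs past the data we have
            return frames, False
        frames.append((channel, seq, stream[offset + 6:end]))
        offset = end
    return frames, offset == len(stream)


def classify_stream(stream: bytes, min_frames: int = 2) -> str:
    """Guess the protocol from the payload, ignoring the TCP port number."""
    frames, clean = parse_flap_frames(stream)
    if clean and len(frames) >= min_frames:
        return "aim"
    if TELNET_IAC in stream[:16]:  # IAC WILL/DO/... near the start
        return "telnet"
    return "unknown"


# Constructed sample streams, both imagined as seen on TCP port 23.
AIM_ON_23 = (bytes.fromhex("2a0100010004" "00000001")      # channel 1 hello
             + bytes.fromhex("2a0200020004" "00010017"))   # channel 2 SNAC
TELNET_ON_23 = bytes.fromhex("fffd18fffd20fffd23") + b"login: "

if __name__ == "__main__":
    for name, data in (("aim-on-23", AIM_ON_23), ("telnet-on-23", TELNET_ON_23)):
        print(name, "->", classify_stream(data))
```

A stream that classifies as "aim" on port 23 is a candidate for the "Decode As..." steps above.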