https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6223
--- Comment #5 from Walter Benton <wbenton@xxxxxxxxxxxxxxxx> 2011-08-15 09:43:23 JST ---
(In reply to comment #4)
> Another alternative might be to have a heuristic HTTP dissector - it would, of
> course, have to mark the entire connection as HTTP, as an HTTP packet can
> contain arbitrary random sequences of bytes (PUT/POST request or GET reply
> data) and wouldn't be recognizable as HTTP unless we'd already seen something
> that looked like an HTTP request or reply earlier i the connection.
If I add port 12080 as an HTTP port number, then the port number should win out
over a lower port number. (i.e. for standard port numbers, the lower port
number should win out, but for user specified port numbers, they should take
precedence!
Likewise, even if I try to force a dissect where I specify either src.port ==
12080, dst.port == 12080 or both (tcp.port == 12080) and hit the decode button,
it STILL DOES NOT dissect it per my "decode as" instruction! I don't know why
but It dissects properly for some ports but not other ports.
It's a headache having HTTP packets which show up as just plain TCP or other
weird protocols which I know are NOT roaming my network. And as I cannot
change the proxy port number... internal data monitoring becomes one bit PITA.
Thus I recommend changing the "Importance" of this bug from [Low] to [Medium]
or perhaps even [High]!
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.