Applying the filter:
msnms filters out the MSNMS protocol messages regardless of the port
number being used. How is this done?
Example: In cases where the port number is 80 instead of 1863, which is
the default for MSNMS (i.e. tunneling the MSNMS protocol through HTTP),
Wireshark is still able to identify the protocol as MSNMS and not just
HTTP. From a development standpoint, how is this identification made?
Is it a deep packet inspection looking for a particular pattern in the
application layer data? If so, what pattern? Thanks.
-Nirav Trivedi