Wireshark · Wireshark-dev: [Wireshark-dev] regarding Wireshark's TCP plugin

Wireshark-dev: [Wireshark-dev] regarding Wireshark's TCP plugin

From: Selçuk Cevher <cevhers@xxxxxxxxx>

Date: Tue, 14 Jul 2009 15:59:40 +0300

Hi,

Does Wireshark's TCP plugin only use port numbers or some other additional mechanisms to identify the application layer traffic ?

To me, using only port numbers does not make sense.

If it uses other mechanisms for traffic identification, what are these ?

For example, in case of POP3 and SMTP, Is Wireshark capable of identifying the POP3 or SMTP traffic even if a mail client uses a server connection port other than 110 for POP3 and 25 for SMTP.

Thanks.

Follow-Ups:
- Re: [Wireshark-dev] regarding Wireshark's TCP plugin
  - From: Guy Harris

Prev by Date: Re: [Wireshark-dev] How to capture udp data?
Next by Date: [Wireshark-dev] buildbot failure in Wireshark (development) on OSX-10.5-x86
Previous by thread: Re: [Wireshark-dev] Implementation and Integration of new Protocol
Next by thread: Re: [Wireshark-dev] regarding Wireshark's TCP plugin
Index(es):
- Date
- Thread