Wireshark-users: Re: [Wireshark-users] Decode As dialog doesn't offer SMB

From: Bill Meier <wmeier@xxxxxxxxxxx>
Date: Sat, 22 Nov 2008 00:00:26 -0500
John Walsh wrote:
Greetings,



I'm using dumpcap to capture edump files on the server for later examination on a development box. When I select Analyze -> Decode As, click the Transport tab of the Decode As dialog, and select source (1445) as the TCP setting, SMB isn't one of the choices in the protocol list. Should it be? Can I do something to make it appear? How should I tell Wireshark to treat 1445 traffic as SMB?



The short answer: there's currently no way for a user to configure Wireshark so that traffic on port 1445 will be treated as traffic on port 445.

It's probably the case that it should be possible to configure Wireshark to do so; however, I'm not exactly sure as to the right way.

I've sent an email to wireshark-dev to give my thoughts and to see what others may suggest.