Wireshark-users: Re: [Wireshark-users] how to find http headers

From: Abhik Sarkar <sarkar.abhik@xxxxxxxxx>
Date: Wed, 24 Mar 2010 14:52:23 +0400
If it is specific custom headers you are after, then you can go to the HTTP protocol preferences and add them in "Custom HTTP header fields". Once you have added them and restarted, you can filter on the headers.

For example, if the header is called X-WAP-MSISDN, after the above steps you will have a field called "http.header.X-WAP-MSISDN". You can filter on that using the display filter then. For example: http.header.X-WAP-MSISDN matches "^9715[056].*"

If you don't know the headers then you might want to try "http and frame matches <regular expression>" or "http and frame contains <string>"

Hope this helps
Abhik

On Wed, Mar 24, 2010 at 1:18 PM, a bv <vbavbalist@xxxxxxxxx> wrote:
Hi,
I have done multiple captures both with Wireshark or other tools and
would like to analyze them with Wireshark. What I want to do is analyze
the traffic and look for patterns / HTTP headers related to instant
messaging traffic, mostly Windows Live, MSN Messenger traffic, and
take this and add it to the IPS for blocking. So what are the best
practices for that?

Regards
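
Added example (not part of the original thread, and not Wireshark's own code): a Python approximation of the two approaches in the reply above, a field-aware match on one named header versus a raw byte search over the frame, plus a header-name tally for the case where the headers are not yet known. The sample requests, host names and the X-Example-IM header are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample HTTP requests (not taken from a real capture).
SAMPLES = [
    b"GET /portal HTTP/1.1\r\nHost: wap.example.test\r\nX-WAP-MSISDN: 971501234567\r\n\r\n",
    b"GET /portal HTTP/1.1\r\nHost: wap.example.test\r\nx-wap-msisdn: 971561112223\r\n\r\n",
    b"GET /gateway HTTP/1.1\r\nHost: im.example.test\r\nUser-Agent: ExampleIM/1.0\r\nX-Example-IM: 1\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: www.example.test\r\nContent-Length: 19\r\n\r\nnote=X-WAP-MSISDN: 9",
]

def parse_headers(raw):
    """Return {lower-cased name: value} for the header block of one request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")  # drop the body
    headers = {}
    for line in head.split("\r\n")[1:]:                    # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            # HTTP header names are case-insensitive, so normalise them.
            headers[name.strip().lower()] = value.strip()
    return headers

def header_matches(raw, name, pattern):
    """Approximates: http.header.<name> matches "<pattern>" (field-aware)."""
    value = parse_headers(raw).get(name.lower())
    return value is not None and re.search(pattern, value, re.I) is not None

def frame_contains(raw, needle):
    """Approximates: http and frame contains <string> (case-sensitive bytes)."""
    return needle in raw

def header_inventory(samples):
    """Count header names across requests to spot candidates worth adding."""
    return Counter(name for raw in samples for name in parse_headers(raw))

if __name__ == "__main__":
    for raw in SAMPLES:
        print(header_matches(raw, "X-WAP-MSISDN", r"^9715[056].*"),
              frame_contains(raw, b"X-WAP-MSISDN"))
    print(header_inventory(SAMPLES).most_common())
```

The byte search misses the lower-cased header in the second request and hits the string inside the POST body of the fourth, which is why a signature built from a parsed header field is the safer input for an IPS rule.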