Wireshark-users: Re: [Wireshark-users] HTTP filter

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Thu, 06 Jan 2011 21:33:26 +0100
On 01/06/2011 12:59 PM, Andrej van der Zee wrote:
Hi,

Sorry if this message arrived twice.

Anyway, I was wondering if somebody could tell me how Wireshark decides
that a packet has the HTTP protocol. It must do some extra check in
addition to testing only for the port number being a standard HTTP port,
right?

Thanks,
Andrej



Hi,

Yeah, that's basically it. Or the media type is message/http.
All details can be found in epan/dissectors/packet-http.c

Thanks,
Jaap