Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] Subdissectors for HTTP connect traffic

From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Thu, 13 Jul 2006 13:35:22 -0700
Does anyone have any suggestions on a good way to implement a feature 
where protocols tunneled through an HTTP connect (proxy) can be 
dissected like the Socks dissector does?  The http dissector does not 
keep any data about conversations.  This would probably need to be added 
so that once the connect request and response are done, the dissector 
would know to pass the data from packets 3 and beyond to the 
subdissector of the protocol specified by the port in the connect 
request.

For example:

Request: CONNECT hostname:port HTTP/1.0
Response: HTTP/1.0 200 Connection established
<port's conversation begins, such as ssh>


Thanks,
  Steve