Wireshark-users: [Wireshark-users] Protocol Identification using Payload Content

From: "Isara Anantavrasilp" <isara.a@xxxxxxxxx>
Date: Mon, 5 May 2008 21:12:34 +0200

Hi,

First of all, I am sorry if my question is not directly related to Wireshark.
(Actually, I really have no idea where to ask exactly.)

Anyway, my problem is as follows.
I need to identify the protocols of the packets in some packet traces.
In these traces, some small fractions of payloads are available (not
only headers but not really full-payload).
As far as I know, Wireshark can identify the protocols of these packets.
This is done by matching the packet transportation ports to the
known application ports.

However, this method is not reliable. So I would like to identify the
protocol with protocol signature instead.
And by "protocol signatures", I mean the specific strings or contents
of the protocols.
(Like some HTTP packets got "GET" or "POST" in the packets.)

Can this be done by Wireshark?
Do you have any idea where I can get such a list of protocol signatures?
(It is most likely that I would have to develop an automated
application for the identification.)

Thank you very much.

Cheers,
Isara Anantavrasilp
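
An added example, not part of the original message and not Wireshark code: a minimal payload-signature classifier of the kind the question describes, compared against a port-based guess. The signature table, port map and sample payloads are constructed for illustration; the patterns are kept short so they still match truncated payloads.

```python
import re

# Constructed signature table (an assumption, not a Wireshark list): each
# pattern is anchored at the first payload byte and kept short so it still
# matches when the capture stores only the first few bytes of payload.
SIGNATURES = [
    ("HTTP", re.compile(rb"^(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) \S|^HTTP/1\.[01] \d{3}")),
    ("SSH", re.compile(rb"^SSH-\d\.\d+-")),
    ("SMTP", re.compile(rb"^220[ -][^\r\n]*SMTP|^(?:EHLO|HELO) \S", re.I)),
    # TLS record: handshake (0x16), version 3.x, 2-byte length, Client/ServerHello
    ("TLS", re.compile(rb"^\x16\x03[\x00-\x04]..[\x01\x02]", re.S)),
    ("BitTorrent", re.compile(rb"^\x13BitTorrent protocol")),
]

# Port-based guess, the method the message calls unreliable.
WELL_KNOWN_PORTS = {22: "SSH", 25: "SMTP", 80: "HTTP", 443: "TLS"}


def identify_by_payload(payload: bytes):
    """Return the first protocol whose signature matches, or None."""
    for name, pattern in SIGNATURES:
        if pattern.search(payload):
            return name
    return None


def classify(records):
    """For each (dst_port, payload) pair return (port, port_guess, payload_guess)."""
    return [(port, WELL_KNOWN_PORTS.get(port), identify_by_payload(data))
            for port, data in records]


def disagreements(records):
    """Records where the payload identifies a protocol the port did not predict."""
    return [r for r in classify(records) if r[2] is not None and r[1] != r[2]]


# Constructed sample: truncated payloads as they might appear in a sliced trace.
SAMPLE = [
    (80, b"GET /index.html HTT"),
    (8080, b"POST /upload HTTP/1.1\r\nHo"),
    (443, b"SSH-2.0-OpenSSH_4.7\r\n"),
    (80, b"\x13BitTorrent protocol\x00\x00"),
    (443, b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x01"),
    (25, b"220 mx.example.test ESMTP\r\n"),
    (5000, b"\x00\x01\x02\x03"),
]

if __name__ == "__main__":
    for port, by_port, by_payload in classify(SAMPLE):
        print(f"{port:>5}  port-based={by_port}  payload-based={by_payload}")
```

Payloads that match no signature come back as None rather than falling back to the port guess, so unidentified traffic stays visible.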
