I thought the easiest way was to find a packet for the HTTP trafic and
then 'decode as'/both/HTTP and Ethereal would redo the dissection?
It worked for me anyway. Was I missing some functionality by doing it that way?
Alex.
On Thu, 24 Mar 2005 11:55:15 -0800, Guy Harris <gharris@xxxxxxxxx> wrote:
> Maurizio Merli wrote:
> > How can I capture HTTP on port different from 80?
>
> Capture, or dissect?
>
> You can capture HTTP on a port different from 80 either by using no
> capture filter or a capture filter that captures traffic to and from
> that port, e.g. "tcp port 6660" if it's port 6660.
>
> Now, if the traffic is on port 6660, Ethereal won't dissect it as HTTP,
> but that does *NOT* mean that it's not capturing it!
>
> If you want Ethereal to dissect that traffic as HTTP, and it's not one
> of the ports the HTTP dissector knows about, namely ports 80, 3128,
> 3132, and 8080, as well as ports 11371 (for some protocol called "HKP"
> that apparently runs atop HTTP), 3689 (for Apple's HTTP-based Digital
> Audio Access Protocol), 1900 (for SSDP, which I think is part of
> Universal Plug'n'Play), and some other ports for protocols that use HTTP
> such as the Internet Printing Protocol, you will need to be running
> Ethereal 0.10.10 (or any future release), and will need to set the
> "Alternate TCP Port" protocol for HTTP to the port in question.
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>
