Wireshark-dev: [Wireshark-dev] Subdissectors for HTTP connect traffic
From: Stephen Fisher <[email protected]>
Date: Thu, 13 Jul 2006 13:35:22 -0700
Does anyone have any suggestions on a good way to implement a feature 
where protocols tunneled through an HTTP connect (proxy) can be 
dissected like the Socks dissector does?  The http dissector does not 
keep any data about conversations.  This would probably need to be added 
so that once the connect request and response are done, the dissector 
would know to pass the data from packets 3 and beyond to the 
subdissector of the protocol specified by the port in the connect 

For example:

Request: CONNECT hostname:port HTTP/1.0
Response: HTTP/1.0 200 Connection established
<port's conversation begins, such as ssh>