Wireshark · Wireshark-users: Re: [Wireshark-users] Multiple ports in tshark decode as

Wireshark-users: Re: [Wireshark-users] Multiple ports in tshark decode as

From: Sake Blok <sake@xxxxxxxxxx>

Date: Tue, 29 Jan 2008 23:27:34 +0100

On Tue, Jan 29, 2008 at 03:31:44PM -0600, Sadiq Shareef XX wrote:
>
> I am trying to decode two non standard http ports (eg. 4567 & 7865) as
> http traffic in a pcap file. 
> Currently we use the GUI to say "decode as" twice (one for each port)
> under the analyze menu. We want to do this on the command line. 

Within Wireshark there is now an http protocol preference in which
you can select port ranges to be decoded as http. Have a look at the
protocol preferences for http.

You can override the configured http protocol preference by using
the following option (works on both Wireshark and Tshark):

tshark -o http.tcp.port:80,81,8000-8099,9999

which would decode traffic on port 80, 81, 8000, 8001, ... ,8099 and
9999 as http traffic.

Cheers,
    Sake

References:
- [Wireshark-users] Multiple ports in tshark decode as
  - From: Sadiq Shareef XX

Prev by Date: [Wireshark-users] Multiple ports in tshark decode as
Next by Date: [Wireshark-users] Using Editcap to extract UNISTIM VoIP Call
Previous by thread: [Wireshark-users] Multiple ports in tshark decode as
Next by thread: [Wireshark-users] Using Editcap to extract UNISTIM VoIP Call
Index(es):
- Date
- Thread