Wireshark · Wireshark-users: Re: [Wireshark-users] Decode as different protocol

Wireshark-users: Re: [Wireshark-users] Decode as different protocol

From: Abhik Sarkar <sarkar.abhik@xxxxxxxxx>

Date: Tue, 24 Jan 2012 19:52:19 +0400

Hi Manolis

Edit > Preferences > Protocols > SIP > SIP TCP Ports

You can add 5500 in a comma separated list there.

HTH
Abhik

On Tue, Jan 24, 2012 at 7:33 PM, Manolis Katsidoniotis <manoska@xxxxxxxxx> wrote:

Hello all

In the attached snapshot, frame 2767 is a sip packet sent via TCP to destination port 5500.
I'm assuming that because of the port number, wireshark assumes that it is a vnc frame (Virtual Network Computing).

I change this by selecting the packet and using the "Decode As" option.
However this needs to be done every time I open wireshark.
Does anyone happen to be aware of doing this permanent (i.e. modifying some start-up file)?

Thanks in advance
Manolis

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

Follow-Ups:
- Re: [Wireshark-users] Decode as different protocol
  - From: Manolis Katsidoniotis

References:
- [Wireshark-users] Decode as different protocol
  - From: Manolis Katsidoniotis

Prev by Date: [Wireshark-users] Decode as different protocol
Next by Date: Re: [Wireshark-users] Decode as different protocol
Previous by thread: [Wireshark-users] Decode as different protocol
Next by thread: Re: [Wireshark-users] Decode as different protocol
Index(es):
- Date
- Thread