On Wed, Dec 13, 2006 at 10:53:10AM -0500, Trivedi, Nirav wrote:
> Thanks! If I wanted to look at other protocols and how the
> identification is made for each one, is there an easier way than to
> read through source code? Is the information published somewhere?
Not that I know of; the source
ronnie
sahlberg
Sent: Tuesday, December 12, 2006 6:39 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Protocol identification for msnms
wireshark detects when msnms is transported atop HTTP by looking at
the content-type of the HTTP header.
If content-type is "applicat
wireshark detects when msnms is transported atop HTTP by looking at
the content-type of the HTTP header.
If content-type is "application/x-msn-messenger" then the payload
inside the HTTP packet is deemed to be msnms.
see proto_reg_handoff_msnms() in packet-msn-messenger.c
On 12/12/06, Trivedi,
Applying the filter: msnms filters out the MSNMS protocol messages
regardless of the port number being used. How is this done?
Example: In cases where the port number is 80 instead of 1863 which is
the default for MSNMS(i.e. tunneling the MSNMS protocol through HTTP),
wireshark is still able
