On 04/03/14 10:26, John Dill wrote:
I have network traffic that uses TCP port 8080 for sending non-http data (on a private network with its own custom application layer on top of TCP an UDP). Is there a recommendation for how to override or remove this dissector? I still have port 80 for http traffic. I can remove port 8080 from the default http dissector TCP port options, and strip 'http-alt' out of services (to be replaced with a different well-known service name). Is there anything else?
You don't have to change the services file unless you don't want to see port 8080 translated into "http-alt" in Wireshark.
Removing port 8080 from the HTTP dissector's preference is probably the best way. If you have a custom dissector for your protocol, registering it for port 8080 *might* override the HTTP dissector but it's not guaranteed (last I checked). As Alexis mentioned Decode-As would override it.
I also noticed a disabled_protos.[ch], so maybe there is a feature to disable other protocols. Is there a feature that could be used to hide protocols I don't need in the Filter Expression (to reduce the list to simplify the interface to users)?
No, I don't think there's a way to simplify what's in the Filter Expression dialog short of removing dissectors from Wireshark (probably more effort than it's worth).
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
