Dear Wireshark Team,

My name is Yoon-Seong Jang, a combined Master's and Ph.D. student at Korea 
University in the Republic of Korea.

We are currently conducting research focused on analyzing various types of 
application traffic and malicious traffic, with the goal of classifying them 
using deep learning techniques.

In this process, Wireshark has been an invaluable tool and is widely used in 
our research.

The reason I am reaching out via email is to ask about how Wireshark determines 
the protocol of each packet or flow when decoding a given pcap file.

From our observations, it seems that the protocol is often determined based on 
the port number. However, we would greatly appreciate a more objective 
explanation or documentation regarding the actual rules or logic used by 
Wireshark for protocol decoding.

A detailed explanation would be extremely helpful for our research.

Thank you very much for taking the time to read this email despite your busy 
schedule.

Sincerely,
Yoon-Seong Jang

_______________________________________________
Wireshark-dev mailing list -- wireshark-dev@wireshark.org
To unsubscribe send an email to wireshark-dev-le...@wireshark.org
