Wireshark mailing list archives
Re: "decode as" with wireshark
From: Guy Harris <guy () alum mit edu>
Date: Thu, 10 Dec 2009 19:53:33 -0800
On Dec 10, 2009, at 4:25 AM, Filipe Santos wrote:
After this I decoded my UPnP ports with tshark with this code: tshark -r $inputfile -d tcp.port==$port,http but I want to see my capture with Wireshark. Since Wireshark doesn't have the -d (decode) option, how can I do it?
"Decode As..." is a menu item in Wireshark. It's under the "Analyze" menu. Select one of the UPnP packets, select Analyze -> Decode As..., select the "Transport" tab in the "Decode As" dialog that pops up, select the appropriate port (source or destination), select HTTP from the list of protocols, and click "OK".

Or run either Wireshark *or* TShark with the option

    -o http.tcp.port:80,3128,3132,8080,8088,11371,3689,1900,$port

although note that if you save your preferences while running Wireshark, the HTTP "TCP ports" preference will be set to the string in question, so that it'll dissect the port in question as HTTP. (If you have multiple ports, append a comma-separated list of the ports to "http.tcp.port:80,3128,3132,8080,8088,11371,3689,1900".)

"-d" isn't currently in use as a Wireshark command-line option, so it might be worth looking into implementing it in the same way it's used in TShark.
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-users
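The two command-line forms discussed in this thread, built by a small helper that validates each port before it reaches the command line. This is an added example, not part of the original post or of Wireshark itself; the function names, the file name capture.pcap and the sample ports are assumptions made for illustration.

```shell
#!/bin/sh
# Default HTTP "TCP ports" list, copied from the -o example in the reply above.
HTTP_DEFAULT_PORTS="80,3128,3132,8080,8088,11371,3689,1900"

# valid_port N: succeed only if N is a decimal integer in 1..65535
# (no leading zero, no separators or shell metacharacters).
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# http_ports_pref PORT...: print the -o value, i.e. the default list with
# each extra port appended once. Fails if any argument is not a port.
http_ports_pref() {
    list="$HTTP_DEFAULT_PORTS"
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
        case ",$list," in
            *",$p,"*) ;;                # already in the list, skip it
            *) list="$list,$p" ;;
        esac
    done
    printf 'http.tcp.port:%s\n' "$list"
}

# decode_as_args PORT...: print one "-d tcp.port==N,http" per port (TShark form).
decode_as_args() {
    out=""
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
        out="${out:+$out }-d tcp.port==$p,http"
    done
    printf '%s\n' "$out"
}

# Constructed sample: two extra ports plus one that is already a default.
# The commands are only printed here, not executed.
if pref=$(http_ports_pref 49152 2869 8080); then
    echo "wireshark -r capture.pcap -o $pref"
    echo "tshark -r capture.pcap $(decode_as_args 49152 2869)"
fi
```

As the reply notes, the -o value replaces the whole HTTP "TCP ports" preference, which is why the helper always starts from the full default list.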