Wireshark mailing list archives
Re: overriding dissector for port 8080
From: "John Dill" <John.Dill () greenfieldeng com>
Date: Fri, 4 Apr 2014 09:56:34 -0400
Message: 4
Date: Thu, 03 Apr 2014 16:14:53 -0400
From: Jeff Morriss <jeff.morriss.ws () gmail com>
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Subject: Re: [Wireshark-dev] overriding dissector for port 8080
Message-ID: <533DC13D.8010808 () gmail com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 04/03/14 10:26, John Dill wrote:
>> I have network traffic that uses TCP port 8080 for sending non-http data (on a private network with its own custom application layer on top of TCP and UDP). Is there a recommendation for how to override or remove this dissector? I still have port 80 for http traffic. I can remove port 8080 from the default http dissector TCP port options, and strip 'http-alt' out of services (to be replaced with a different well-known service name). Is there anything else?

> You don't have to change the services file unless you don't want to see port 8080 translated into "http-alt" in Wireshark.

Yeah, the avionics network architecture defines its own Well Known Services for several TCP and UDP ports, so I'd have to eventually create a custom 'services' file to document all the ports.

> Removing port 8080 from the HTTP dissector's preference is probably the best way. If you have a custom dissector for your protocol, registering it for port 8080 *might* override the HTTP dissector but it's not guaranteed (last I checked). As Alexis mentioned Decode-As would override it.

Unfortunately, I do not have the TCP dissector component working yet (the message structure has to be somewhat reverse engineered), so I'll have to try that out when I get it working.

>> I also noticed a disabled_protos.[ch], so maybe there is a feature to disable other protocols. Is there a feature that could be used to hide protocols I don't need in the Filter Expression (to reduce the list to simplify the interface to users)?

> No, I don't think there's a way to simplify what's in the Filter Expression dialog short of removing dissectors from Wireshark (probably more effort than it's worth).

The only reason would be to simplify the interface for test engineers who like to streamline their process (it would remove the need to constantly type the protocol abbreviation). It would happen at the end of the development cycle if at all.

Thank you (and to Alexis) for your feedback.

John Dill