Changing the protocol associated with a port while monitoring it with Wireshark can be very useful.
For example if you were trying to monitor some web traffic but your web proxy is on port 9191, how would you get Wireshark to treat port 9191 as HTTP (or as port 80)?
To change the protocol associated with a port:
- Open wireshark
- Go to Edit -> Preferences -> Protocols
- Search for your protocol and click it
- On the right hand side you should find a list of ports considered to be using the protocol
- To add your own port, simply add a comma “,” after the last port listed and enter your own
Simply restart Wireshark and restart your capture for the changed to take effect.
Did you like this post?
Subscribe To The RSS Feed!
To catch many more articles like this in the future, make it easy on yourself and subscribe to me via RSS. You will not regret it!
Do you have a question?
We will do our best to try and solve any building automation, protocol, integration problem you may have
Curious to know if anyone has had issues in attempting to add a HTTP TCP port using approach above?
Say an exercise like appending a “,11110″ to the end of the default HTTP / TCP Ports: “80,3128,3132,8080,8088,11371,3689,1900″ list – to result in: “80,3128,3132,8080,8088,11371,3689,1900,11110″
Seems when I attempt to use FF w/ FoxyProxy to proxy my HTTP requests through :11110, Wireshark messes up on capturing or displaying the newly defined :11110 HTTP port.
At the while, my FF HTTP session works perfectly through the FireFox :11110 FoxyProxy.
and yes I’m attempted to modify both my capture and display filters to squeeze some of that port 11110 traffic into my Wireshark panes – with any luck.