Monitor any port using any protocol with Wireshark

Changing the protocol associated with a port while monitoring it with Wireshark can be very useful.

For example, if you are trying to monitor web traffic but your web proxy is on port 9191, how would you get Wireshark to treat port 9191 as HTTP (or as port 80)?

To change the protocol associated with a port:

  • Open Wireshark
  • Go to Edit -> Preferences -> Protocols
  • Search for your protocol and click it
  • On the right-hand side you should find a list of ports considered to be using the protocol
  • To add your own port, simply add a comma “,” after the last port listed and enter your own

Simply restart Wireshark and restart your capture for the changes to take effect.
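
The same remapping can be applied to a single capture from the command line with tshark's `-d` (Decode As) option, which leaves the saved preferences untouched. This is an added example, not part of the original post; the function names and `capture.pcap` are hypothetical, and it assumes the protocol's display-filter name matches its Decode As name (true for `http`).

```shell
#!/bin/sh
# Added example: build tshark "Decode As" options so that non-standard TCP
# ports are dissected as a chosen protocol (the page's case: 9191 as http).

# decode_as_args PROTO PORT...
# Prints one "-d tcp.port==PORT,PROTO" option per port.
# Rejects anything that is not a TCP port number in 1..65535.
decode_as_args() {
    proto=$1; shift
    out=""
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*|??????*)
                echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
        out="$out -d tcp.port==$port,$proto"
    done
    printf '%s\n' "${out# }"
}

# decode_capture FILE PROTO PORT...
# Reads a saved capture and prints only the packets that the PROTO
# dissector claimed once the extra ports are mapped to it.
decode_capture() {
    file=$1; proto=$2; shift 2
    args=$(decode_as_args "$proto" "$@") || return 1
    # $args is deliberately unquoted so it splits into separate options.
    tshark -r "$file" $args -Y "$proto"
}

# Usage (capture.pcap is a hypothetical file name):
#   decode_capture capture.pcap http 9191
```

If the output is empty for a port you expected to carry HTTP, the traffic on that port is probably TLS or another protocol rather than cleartext HTTP.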