Wireshark-bugs: [Wireshark-bugs] [Bug 6223] HTTP traffic is mis-dissected if the server/proxy po
Date: Sun, 14 Aug 2011 17:43:25 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6223

--- Comment #5 from Walter Benton <wbenton@xxxxxxxxxxxxxxxx> 2011-08-15 09:43:23 JST ---
(In reply to comment #4)
> Another alternative might be to have a heuristic HTTP dissector - it would, of
> course, have to mark the entire connection as HTTP, as an HTTP packet can
> contain arbitrary random sequences of bytes (PUT/POST request or GET reply
> data) and wouldn't be recognizable as HTTP unless we'd already seen something
> that looked like an HTTP request or reply earlier in the connection.

If I add port 12080 as an HTTP port number, then the port number should win out
over a lower port number. (i.e. for standard port numbers, the lower port
number should win out, but for user-specified port numbers, they should take
precedence!)

Likewise, even if I try to force a dissect where I specify either src.port ==
12080, dst.port == 12080 or both (tcp.port == 12080) and hit the decode button,
it STILL DOES NOT dissect it per my "decode as" instruction!  I don't know why,
but it dissects properly for some ports but not other ports.

It's a headache having HTTP packets which show up as just plain TCP or other
weird protocols which I know are NOT roaming my network.  And as I cannot
change the proxy port number... internal data monitoring becomes one big PITA.
Thus I recommend changing the "Importance" of this bug from [Low] to [Medium]
or perhaps even [High]!

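The heuristic approach quoted from comment #4, as an added sketch that is not part of the original message and is not Wireshark code: a classifier marks a whole TCP conversation as HTTP once any segment starts with a request line or status line, so later body segments of arbitrary bytes are still labelled HTTP. The class, function names, addresses and sample segments are constructed for illustration.

```python
import re

# Simplified model of a heuristic HTTP classifier (hypothetical names).
REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT) \S+ HTTP/1\.[01]\r\n")
STATUS_LINE = re.compile(rb"^HTTP/1\.[01] \d{3} ")


def conversation_key(src, sport, dst, dport):
    """Direction-independent key so both sides share one state entry."""
    return tuple(sorted([(src, sport), (dst, dport)]))


class HeuristicHttpClassifier:
    def __init__(self):
        self.http_conversations = set()  # conversations already marked HTTP

    def classify(self, src, sport, dst, dport, payload):
        key = conversation_key(src, sport, dst, dport)
        if key in self.http_conversations:
            return "HTTP"  # body bytes inherit the earlier decision
        if REQUEST_LINE.match(payload) or STATUS_LINE.match(payload):
            self.http_conversations.add(key)  # mark the entire connection
            return "HTTP"
        return "TCP"  # nothing HTTP-like seen yet on this connection


def classify_capture(segments):
    """Classify segments in capture order with fresh per-capture state."""
    clf = HeuristicHttpClassifier()
    return [clf.classify(*seg) for seg in segments]


# Constructed sample: a proxy on the non-standard port 12080.
CLIENT, PROXY = ("10.0.0.5", 40000), ("10.0.0.1", 12080)
SAMPLE = [
    (*CLIENT, *PROXY, b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
                      b"Content-Length: 8\r\n\r\n"),
    (*CLIENT, *PROXY, b"\x00\xff\x13\x37\xde\xad\xbe\xef"),  # POST body
    (*PROXY, *CLIENT, b"HTTP/1.1 200 OK\r\nContent-Length: 4\r\n\r\n"),
    (*PROXY, *CLIENT, b"\x89PNG"),                            # reply body
    # Different connection to port 12080 that never carries HTTP.
    ("10.0.0.5", 40001, "10.0.0.9", 12080, b"\x16\x03\x01\x00\x05hello"),
]

if __name__ == "__main__":
    for seg, label in zip(SAMPLE, classify_capture(SAMPLE)):
        print(f"{seg[0]}:{seg[1]} -> {seg[2]}:{seg[3]}  {label}")
```

If the capture starts mid-connection, so that only body bytes are seen, the same segment is labelled plain TCP, which is the limitation the quoted comment describes.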