Wireshark-bugs: [Wireshark-bugs] [Bug 7944] HTTP traffic to the SSH port (22) identified as SSH
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7944
Guy Harris <guy@xxxxxxxxxxxx> changed:
        What|Removed                |Added
----------------------------------------------------------------------------
    Platform|x86                    |All
     Summary|Protocol identified    |HTTP traffic to the SSH
            |incorrectly            |port (22) identified as SSH
  OS/Version|Windows Server 2008 R2 |All
--- Comment #2 from Guy Harris <guy@xxxxxxxxxxxx> 2012-10-31 23:30:54 PDT ---
(In reply to comment #0)
> Does Wireshark sometimes use port number only to identify application layer
> protocols?
Yes.

Perhaps, if there are checks the SSH dissector can make to recognize "obviously
not SSH" traffic, it could be made to reject that traffic, although arbitrary
binary data can travel over an SSH connection, so "obviously not SSH" is a bit
tricky.

In addition, that would be insufficient to make Wireshark recognize it as HTTP;
the HTTP dissector would have to be made a heuristic dissector for TCP traffic
and try to catch "obviously HTTP" traffic, although arbitrary binary data can
travel over an HTTP connection, so "obviously HTTP" is a bit tricky.

Wireshark's "Dissect As..." menu item can be used if you need a human brain to
run the heuristics. :-)
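
Added example, not part of the bug comment and not Wireshark's code: a standalone C version of the kind of "obviously SSH" / "obviously HTTP" check on the first client payload of a TCP stream that the comment describes. All function names are hypothetical; it assumes the payload is the start of the stream, that an SSH identification string begins with "SSH-" (RFC 4253, section 4.2), and it approximates the HTTP method as a run of uppercase letters.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum guess { GUESS_UNKNOWN, GUESS_SSH, GUESS_HTTP };

/* SSH identification string (RFC 4253, section 4.2) starts with "SSH-". */
static int looks_like_ssh_ident(const unsigned char *p, size_t len)
{
    return len >= 4 && memcmp(p, "SSH-", 4) == 0;
}

/* HTTP/1.x request line: METHOD SP target SP "HTTP/1." DIGIT CRLF.
 * Assumption: the method is approximated as a run of uppercase letters. */
static int looks_like_http_request(const unsigned char *p, size_t len)
{
    size_t m = 0, eol;
    const unsigned char *cr = memchr(p, '\r', len);

    while (m < len && p[m] >= 'A' && p[m] <= 'Z') m++;
    if (m == 0 || m >= len || p[m] != ' ') return 0;
    if (cr == NULL || (size_t)(cr - p) + 1 >= len || cr[1] != '\n')
        return 0;               /* no complete first line in this segment */
    eol = (size_t)(cr - p);
    if (eol < m + 11) return 0; /* SP + 1-byte target + " HTTP/1.x" */
    return memcmp(p + eol - 9, " HTTP/1.", 8) == 0 && isdigit(p[eol - 1]);
}

/* Classify the first payload bytes a client sends on a new TCP stream. */
enum guess classify_first_payload(const unsigned char *p, size_t len)
{
    if (looks_like_ssh_ident(p, len)) return GUESS_SSH;
    if (looks_like_http_request(p, len)) return GUESS_HTTP;
    return GUESS_UNKNOWN;       /* fall back to port or a manual choice */
}

/* Convenience wrapper for NUL-free sample payloads. */
enum guess classify_str(const char *s)
{
    return classify_first_payload((const unsigned char *)s, strlen(s));
}

int main(void)
{   /* Constructed sample: an HTTP request sent to port 22. */
    printf("%d\n", classify_str("GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"));
    return 0;
}
```

The check only helps when the capture contains the first bytes of the connection; a capture that starts mid-stream, or a request line split across segments, returns GUESS_UNKNOWN and leaves the decision to the port number or to the analyst.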