Wireshark · Wireshark-dev: [Wireshark-dev] Protocol identification for msnms

Wireshark-dev: [Wireshark-dev] Protocol identification for msnms

From: "Trivedi, Nirav" <ntrivedi@xxxxxxxxx>

Date: Tue, 12 Dec 2006 18:15:41 -0500

Applying the filter: msnms filters out the MSNMS protocol messages regardless of the port number being used. How is this done?

Example: In cases where the port number is 80 instead of 1863 which is the default for MSNMS(i.e. tunneling the MSNMS protocol through HTTP), wireshark is still able to identify the protocol as MSNMS and not just HTTP. From a development standpoint, how is this identification made? Is it a deep packet inspection looking for a particular pattern in the application layer data? If so, what pattern? Thanks.

-Nirav Trivedi

Follow-Ups:
- Re: [Wireshark-dev] Protocol identification for msnms
  - From: ronnie sahlberg

Prev by Date: Re: [Wireshark-dev] [PATCH] ieee80211 integer overflow
Next by Date: Re: [Wireshark-dev] Protocol identification for msnms
Previous by thread: Re: [Wireshark-dev] [PATCH] bugfix : ICMP unreachable and tcp seq not shown
Next by thread: Re: [Wireshark-dev] Protocol identification for msnms
Index(es):
- Date
- Thread