Applying the filter: msnms filters out the MSNMS protocol messages
regardless of the port number being used. How is this done?
Example: In cases where the port number is 80 instead of 1863 which is
the default for MSNMS(i.e. tunneling the MSNMS protocol through HTTP),
wireshark is still able
wireshark detects when msnms is transported atop HTTP by looking at
the content-type of the HTTP header.
If content-type is "application/x-msn-messenger" then the payload
inside the HTTP packet is deemed to be msnms.
see proto_reg_handoff_msnms() in packet-msn-messenger.c
On 12/12/06, Trivedi,
ronnie
sahlberg
Sent: Tuesday, December 12, 2006 6:39 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Protocol identification for msnms
wireshark detects when msnms is transported atop HTTP by looking at
the content-type of the HTTP header.
If content-type is "applicat
On Wed, Dec 13, 2006 at 10:53:10AM -0500, Trivedi, Nirav wrote:
> Thanks! If I wanted to look at other protocols and how the
> identification is made for each one, is there an easier way than to
> read through source code? Is the information published somewhere?
Not that I know of; the source
