> From: André Warnier [mailto:[email protected]] > Subject: Re: tracing port to port > > how does Wireshark figure out if the contents of a packet > are HTTP or not ? It must be either "heuristic" by sniffing > the content, or else just by the port in use ?
It does both. The protocol determination and analysis are extremely clever; even for SMB work, it's way better than Microsoft's NetMon. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
