For example if you were trying to monitor some web traffic but your web proxy is on port 9191, how would you get Wireshark to treat port 9191 as HTTP (or as port 80)?
To change the protocol associated with a port:
- Open wireshark
- Go to Edit -> Preferences -> Protocols
- Search for your protocol and click it
- On the right hand side you should find a list of ports considered to be using the protocol
- To add your own port, simply add a comma "," after the last port listed and enter your own
Simply restart Wireshark and restart your capture for the changed to take effect.
[…] Note: You can change the default port that wireshark uses to detect and decode BACnet messages. See this artile for more information Monitor any port using any protocol with Wireshark […]
Reply
Curious to know if anyone has had issues in attempting to add a HTTP TCP port using approach above?
Say an exercise like appending a ",11110"³ to the end of the default HTTP / TCP Ports: "80,3128,3132,8080,8088,11371,3689,1900" list – to result in: "80,3128,3132,8080,8088,11371,3689,1900,11110"
Seems when I attempt to use FF w/ FoxyProxy to proxy my HTTP requests through :11110, Wireshark messes up on capturing or displaying the newly defined :11110 HTTP port.
At the while, my FF HTTP session works perfectly through the FireFox :11110 FoxyProxy.
and yes I'm attempted to modify both my capture and display filters to squeeze some of that port 11110 traffic into my Wireshark panes – with any luck.