Wireshark-users: [Wireshark-users] Protocol Identification using Payload Content
From: "Isara Anantavrasilp" <isara.a@xxxxxxxxx>
Date: Mon, 5 May 2008 21:12:34 +0200
Hi,

First of all, I am sorry if my question is not directly related to Wireshark.
(Actually, I really have no idea where to ask exactly.)

Anyway, my problem is as follows.
I need to identify the protocols of the packets in some packet traces.
In these traces, some small fractions of payloads are available (not
only headers but not really full-payload).
As far as I know, Wireshark can identify the protocols of these packets.
This is done by matching the packet transportation ports to the
known application ports.

However, this method is not reliable. So I would like to identify the
protocol with protocol signature instead.
And by "protocol signatures", I mean the specific strings or contents
of the protocols.
(Like some HTTP packets got "GET" or "POST" in the packets.)

Can this be done by Wireshark?
Do you have any idea where I can get such a list of protocol signatures?
(It is most likely that I would have to develop an automated
application for the identification.)

Thank you very much.

Cheers,
Isara Anantavrasilp
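
The signature-based identification asked about above, as an added example that is not part of the original post: it matches the first bytes of a truncated payload against start-anchored patterns and compares the result with the port-based guess. The signature table, port map, sample records and the function names `classify_payload` and `identify` are constructed for illustration and are not a complete signature list.

```python
import re

# Constructed, deliberately small signature table (not a complete list).
# Patterns are matched at byte 0 and need only the first few bytes, so they
# still work when a trace keeps just a fraction of each payload.
SIGNATURES = [
    ("HTTP", re.compile(rb"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) /|HTTP/1\.[01] ")),
    ("SSH", re.compile(rb"SSH-\d\.\d+-")),
    # TLS record: type 0x16 (handshake), version 3.x, 2 length bytes, hello type
    ("TLS", re.compile(rb"\x16\x03[\x00-\x04]..[\x01\x02]", re.DOTALL)),
    ("SMTP", re.compile(rb"(?:EHLO|HELO) ")),
    ("BitTorrent", re.compile(rb"\x13BitTorrent protocol")),
]

# Port-based guess, the method the post calls unreliable.
WELL_KNOWN_PORTS = {22: "SSH", 25: "SMTP", 80: "HTTP", 443: "TLS"}


def classify_payload(payload):
    """Return the protocol whose signature matches the payload start, else None."""
    for name, pattern in SIGNATURES:
        if pattern.match(payload):
            return name
    return None


def identify(port, payload):
    """Prefer the payload signature; fall back to the port if it is inconclusive."""
    by_port = WELL_KNOWN_PORTS.get(port)
    by_sig = classify_payload(payload)
    return {
        "protocol": by_sig or by_port,
        "by_port": by_port,
        "by_signature": by_sig,
        "mismatch": by_sig is not None and by_port is not None and by_sig != by_port,
    }


# Constructed sample records: (server port, first payload bytes as captured).
SAMPLES = [
    (8081, b"GET /index.html HT"),           # HTTP on a non-standard port
    (443, b"SSH-2.0-OpenSSH_4.7\r\n"),        # SSH server listening on 443
    (443, b"\x16\x03\x01\x00\x2f\x01\x00"),   # TLS ClientHello record header
    (80, b"GE"),                              # too short for any signature
]

if __name__ == "__main__":
    for port, payload in SAMPLES:
        print(port, identify(port, payload))
```

The `mismatch` flag marks flows where the payload contradicts the port, which are the cases port-based identification gets wrong.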