Sipos Csaba wrote:
I want to make TC scripts for traffic control and shaping, so I would
like to know how Wireshark identifies various protocols (like SSH,
HTTP, FTP command and data etc.) even if the server uses non-standard
ports.

SSH: it doesn't identify SSH on ports other than 22; if a user wants to
dissect SSH traffic on other ports, they'll have to manually specify the
traffic with "Decode As".

HTTP: the HTTP dissector registers, in addition to port 80, ports 3128
and 3132 (for proxies), port 8080, and some other known ports for HTTP.
There's a preference that gives a comma-separated list of ports; you
can add ports to that list. In addition, some protocols that are
implemented atop HTTP can make their port number dissected as HTTP and
then hand off the traffic to the dissector (e.g., IPP). "Decode As" can
also be used.

FTP command: it doesn't identify FTP command traffic on ports other than 21.

FTP data: it identifies FTP data traffic on port 20, and also looks at
PORT and PASV requests, if they're captured.
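
The PORT/PASV tracking mentioned in the reply above, as an added example that is not part of the original message and is not Wireshark's own code: it derives the data-channel endpoint from captured FTP control lines using the RFC 959 `h1,h2,h3,h4,p1,p2` encoding, which is what a shaping script would need to classify FTP data on non-standard ports. The function names and the sample control lines are constructed for illustration.

```python
import re

# Six comma-separated decimal fields: h1,h2,h3,h4,p1,p2 (RFC 959).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def _decode(fields):
    """Turn the six fields into (ip, port), or None if any field exceeds 255."""
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]


def data_endpoint(line):
    """Return (kind, ip, port) for a PORT command or a 227 PASV reply, else None."""
    line = line.strip()
    upper = line.upper()
    if upper.startswith("PORT "):
        m = _HOSTPORT.fullmatch(line[5:].strip())
        kind = "active"
    elif upper.startswith("227"):
        # The reply text is free-form; the address is wherever the six fields appear.
        m = _HOSTPORT.search(line[3:])
        kind = "passive"
    else:
        return None
    if not m:
        return None
    decoded = _decode(m.groups())
    return (kind, *decoded) if decoded else None


def track(control_lines):
    """Collect every data-channel endpoint announced on a control connection."""
    return [ep for ep in map(data_endpoint, control_lines) if ep]


# Constructed sample of FTP control-channel lines (not from a real capture).
SAMPLE = [
    "USER anonymous",
    "PORT 192,168,1,10,19,137",
    "200 PORT command successful.",
    "PASV",
    "227 Entering Passive Mode (10,0,0,5,195,80).",
    "PORT 192,168,1,999,1,1",  # malformed octet, must be rejected
]
```

Calling `track(SAMPLE)` yields the active endpoint 192.168.1.10:5001 and the passive endpoint 10.0.0.5:50000; the malformed PORT line is ignored.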