Sadiq Shareef XX
2008-01-29 21:31:44 UTC
Hi ,
I am trying to decode two non standard http ports (eg. 4567 & 7865) as
http traffic in a pcap file.
Currently we use the GUI to say "decode as" twice (one for each port)
under the analyze menu. We want to do this on the command line.
I am currently using the tshark with -d option to decode the TCP traffic
on port 4567 as http traffic and save the output to tsharktest.cap
/usr/sbin/tshark -r /tmp/test.pcap -d tcp.port==4567,http -w
/tmp/tsharktest.cap
The problem is that we have the traffic on a another port 7865 and we
want that to be decoded as http as well.
Currently we repeat the "decode as" process in the GUI for each port.
Thanks
Regards
Syed Sadiq Shareef
Service & Solutions Operations, Integration Delivery
Contractor for Ericsson
E
6300 Legacy Drive Office: +1 972 583-4166
Plano, Texas 75024 Mobile: +1 214 908-3394
U.S.A Fax: +1 972 583-0270
e-mail: sadiq.xx.shareef-IzeFyvvaP7pWk0Htik3J/***@public.gmane.org
Approved Disclaimer
This communication is confidential and intended solely for the
addressee(s). Any unauthorized review, use, disclosure or distribution
is prohibited. If you believe this message has been sent to you in
error, please notify the sender by replying to this transmission and
delete the message without disclosing it. Thank you.
E-mail including attachments is susceptible to data corruption,
interruption, unauthorized amendment, tampering and viruses, and we only
send and receive e-mails on the basis that we are not liable for any
such corruption, interception, amendment, tampering or viruses or any
consequences thereof.
I am trying to decode two non standard http ports (eg. 4567 & 7865) as
http traffic in a pcap file.
Currently we use the GUI to say "decode as" twice (one for each port)
under the analyze menu. We want to do this on the command line.
I am currently using the tshark with -d option to decode the TCP traffic
on port 4567 as http traffic and save the output to tsharktest.cap
/usr/sbin/tshark -r /tmp/test.pcap -d tcp.port==4567,http -w
/tmp/tsharktest.cap
The problem is that we have the traffic on a another port 7865 and we
want that to be decoded as http as well.
Currently we repeat the "decode as" process in the GUI for each port.
Thanks
Regards
Syed Sadiq Shareef
Service & Solutions Operations, Integration Delivery
Contractor for Ericsson
E
6300 Legacy Drive Office: +1 972 583-4166
Plano, Texas 75024 Mobile: +1 214 908-3394
U.S.A Fax: +1 972 583-0270
e-mail: sadiq.xx.shareef-IzeFyvvaP7pWk0Htik3J/***@public.gmane.org
Approved Disclaimer
This communication is confidential and intended solely for the
addressee(s). Any unauthorized review, use, disclosure or distribution
is prohibited. If you believe this message has been sent to you in
error, please notify the sender by replying to this transmission and
delete the message without disclosing it. Thank you.
E-mail including attachments is susceptible to data corruption,
interruption, unauthorized amendment, tampering and viruses, and we only
send and receive e-mails on the basis that we are not liable for any
such corruption, interception, amendment, tampering or viruses or any
consequences thereof.