I'm trying to monitor some web traffic using wireshark. Our web proxy is on port 9191. How can I get the wireshark view to treat port 9191 just like port 80 – ie as HTTP.
Just using Decode_As on the menu seems to allow half the conversation but only one side.
Any suggestions how to make this a permanent option?
Best Answer
If you go to Edit -> Preferences -> Protocols -> HTTP, you should find a list of ports that are considered to be HTTP. Add port 9191 to that list. I believe you have to re-start Wireshark and re-open your capture file or re-start your capture for this to take effect.
This is on the Windows version 1.0.3; it might be slightly different on other platforms. Obviously this isn't a generic way to alter the port to protocol mappings, but the authors of the http decoder seem to have recognized that people run it on many different ports.