I want to write a Wireshark dissector for AMF packets sent over TCP. In the Wireshark capture window, an AMF packet which is inside TCP is dissected as TCP. I want to dissect the AMF packet that is encapsulated inside TCP.
asked 18 Oct '12, 01:28 Akhil edited 18 Oct '12, 02:04
2 Answers:
Is your traffic going to or from TCP port 1935? Wireshark only recognizes TCP traffic to or from port 1935 as RTMPT traffic. If your RTMPT traffic isn't to or from port 1935, Wireshark won't recognize it as RTMPT traffic; Wireshark would have to be changed to allow other ports to be specified.
answered 18 Oct '12, 11:27 Guy Harris ♦♦
And if it's going to and from port 80 or port 443 - or, rather, if it's being transported over HTTP or "HTTPS" (HTTP-over-SSL/TLS) with a media type of application/x-amf, as one of your other questions suggests it is - see how we now do it in the trunk of the Wireshark source repository, as of my checkin of an AMF message dissector.
answered 16 Nov '12, 14:35 Guy Harris ♦♦ edited 16 Nov '12, 14:36
Okay. So what is your question? You should be way more specific, or this (non-)question will not survive in the shark pond very long...
In the Wireshark capture window, an AMF packet which is inside TCP is dissected as TCP. I want to dissect the AMF packet that is encapsulated inside TCP.
This still isn't a question, it's a statement. If you need a starting point on how to develop something for Wireshark, start here: http://wiki.wireshark.org/Development, or look at the documentation which comes with the sources.
If you have something specific to ask (which would include a question mark somewhere in your sentences, at least once) you can do that here.