Hi, I've got a recording of web socket communication. I know for sure that web sockets are used, there is not HTTP CONNECT stage, however, it is done in a different way (which I yet have to find). Wireshark does not recognize the web socket packets as such, showing them as TCP only. When I try to manually force it to switch to websocket via Decode As - the websocket is just not there!I'm using the latestversion on both Windows and OS X. Please advise! Moshe asked 17 Sep '14, 05:09  moshek |
2 Answers:
This is simply not doable for now as the websocket dissector does not register itself as part of the Decode As list. Having it would require to modify the packet-websocket.c file and recompile. answered 17 Sep '14, 11:50  Pascal Quantin |
I achieved my goal by registering my lua dissector that just forwarded the call to websocket. It kind of worked, but turned out that the traffic was not a valid web socket :-( answered 17 Sep '14, 11:57 moshek |
