On Sun, Jan 13, 2008 at 03:50:19PM +0800, chunhui CHE wrote:
>
> I am doing something about network traffic classification. When I use
> Wireshark to collect some training data, I found it didn't work very well,
> sometimes. For example, when I type " tshark -r <file> -w <file> -R "http" "
> in command line and get some data about http (Hypertext Transfer Protocol), I
> found it also contains much p2p traffic. I am wondering how Wireshark defines
> the display filter "http". Can I get some information about it in the source
> code? And how? Can you tell me in which file?

http can be used as a transport for a variety of things, including p2p traffic. Filtering on http just filters out traffic (on specific ports) that uses the http protocol as a transport medium. It does not look into the http traffic to see what kind of objects are transported.

If you want to look at the source code, you can download the source tarball from the website and have a look at the files:

- epan/dissectors/packet-http.c
- epan/dissectors/packet-http.h
- epan/req_resp_hdrs.c
- epan/req_resp_hdrs.h

Which take care of (most of the) http processing.

If you don't want to download the source code, you can find the files online at:

http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/

And then browse to the specific files mentioned above.

> I am sorry, my English is poor. I hope you all can understand my question,
> and give some help. Thx.

No worries, there are more non-native English speakers here ;-)

Cheers
Sake
