Hi,

Does Wireshark's TCP plugin use only port numbers or some other additional
mechanisms to identify the application layer traffic?

To me, using only port numbers does not make sense.

If it uses other mechanisms for traffic identification, what are these?

For example, in the case of POP3 and SMTP, is Wireshark capable of identifying
the POP3 or SMTP traffic even if a mail client uses a server connection port
other than 110 for POP3 and 25 for SMTP?

Thanks.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev