Wireshark mailing list archives

Re: how to find http headers


From: Abhik Sarkar <sarkar.abhik () gmail com>
Date: Wed, 24 Mar 2010 14:52:23 +0400

If it is specific custom headers you are after, then you can go to the HTTP
protocol preferences and add them in "Custom HTTP header fields". Once you
have added them and restarted, you can filter on the headers.

For example, if the header is called X-WAP-MSISDN, after the above steps you
will have a field called "http.header.X-WAP-MSISDN". You can filter on that
using the display filter then. For example:

    http.header.X-WAP-MSISDN matches "^9715[056].*"

If you don't know the headers then you might want to try "http and frame
matches <regular expression>" or "http and frame contains <string>"

Hope this helps
Abhik

On Wed, Mar 24, 2010 at 1:18 PM, a bv <vbavbalist () gmail com> wrote:

Hi,
I have done multiple captures both with Wireshark or other tools and
would like to analyze them with Wireshark. What I want to do is analyze
the traffic and look for patterns / HTTP headers related to instant
messaging traffic, mostly Windows Live, MSN Messenger traffic, and
take this and add it to the IPS for blocking. So what are the best
practices for that?

Regards
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
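
The two approaches from the reply above (matching a known custom header, and finding headers you do not know yet), as an added Python example that is not part of the original thread. It runs on constructed request payloads instead of a capture; the COMMON list, the sample data and the function names are assumptions made for the illustration.

```python
import re
from collections import Counter

# Assumed list of everyday request headers; any other name is a candidate
# for the "Custom HTTP header fields" preference.
COMMON = {"host", "user-agent", "accept", "accept-language", "accept-encoding",
          "connection", "content-type", "content-length", "cookie", "referer"}

# Constructed sample payloads (not taken from a real capture).
SAMPLE_REQUESTS = [
    b"GET /a HTTP/1.1\r\nHost: example.test\r\nX-WAP-MSISDN: 971501234567\r\n\r\n",
    b"POST /b HTTP/1.1\r\nHost: example.test\r\nx-wap-msisdn: 971561112223\r\n"
    b"Content-Length: 0\r\n\r\n",
    b"GET /c HTTP/1.1\r\nHost: example.test\r\nX-WAP-MSISDN: 447700900123\r\n"
    b"X-Client-Build: 14.0\r\n\r\n",
    b"\x16\x03\x01\x00\x05hello",  # not HTTP, must be skipped
]

def parse_headers(payload):
    """Return [(name, value)] for one HTTP/1.x request, or [] if it is not one."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    if not re.match(r"^[A-Z]+ \S+ HTTP/1\.[01]$", lines[0]):
        return []
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip():
            headers.append((name.strip(), value.strip()))
    return headers

def uncommon_headers(payloads):
    """Count header names (compared case-insensitively) that are not in COMMON."""
    counts = Counter()
    for payload in payloads:
        for name, _ in parse_headers(payload):
            if name.lower() not in COMMON:
                counts[name.lower()] += 1
    return counts

def header_matches(payloads, header, pattern):
    """Indexes of payloads whose `header` value matches `pattern`
    (unanchored regex search, like the display filter's `matches`)."""
    rx = re.compile(pattern)
    return [i for i, payload in enumerate(payloads)
            if any(n.lower() == header.lower() and rx.search(v)
                   for n, v in parse_headers(payload))]

if __name__ == "__main__":
    print(uncommon_headers(SAMPLE_REQUESTS))
    print(header_matches(SAMPLE_REQUESTS, "X-WAP-MSISDN", r"^9715[056].*"))
```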
