There are many scenarios where you work on a trace file and your protocol analyzer doesn't decode the application. I see this a lot with proprietary applications, some IoT devices, and when administrators change the application's default port number. In less common scenarios, you might be trying to figure out how malware or worms spread in your network, or trying to determine an application signature.
In this example I show you how to use Wireshark's Decode As feature to teach Wireshark how to decode a trace as FTP.
I run through some navigation tips and tricks: how to resize the columns, how to see the data within the packets (when it is in clear text), and lastly how to use the Decode As feature.
Every protocol analyzer may have a different term for this feature, but you should know how to do this in your favorite analyzer.
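Before applying Decode As, you need some evidence that the undecoded clear-text stream really is FTP. The sketch below is an added example, not something from the original post: it checks both directions of a stream against FTP control-channel syntax and prints the matching `-d` (Decode As) argument for tshark, Wireshark's command-line counterpart. The port numbers, payloads and the `trace.pcap` file name are constructed for illustration.

```python
import re

# FTP control-channel syntax (RFC 959): server replies begin with a three-digit
# code followed by a space or hyphen; client lines begin with a command verb.
REPLY = re.compile(rb"^[1-5][0-9]{2}[ -]")
COMMANDS = {b"USER", b"PASS", b"SYST", b"FEAT", b"PWD", b"CWD", b"TYPE",
            b"PASV", b"EPSV", b"PORT", b"LIST", b"RETR", b"STOR", b"QUIT"}

def looks_like_ftp(server_lines, client_lines, threshold=0.8):
    """True when most lines in BOTH directions match FTP control syntax."""
    if not server_lines or not client_lines:
        return False
    replies = sum(1 for line in server_lines if REPLY.match(line))
    verbs = sum(1 for line in client_lines
                if line.split(b" ", 1)[0].strip().upper() in COMMANDS)
    return (replies / len(server_lines) >= threshold
            and verbs / len(client_lines) >= threshold)

def decode_as_hints(streams):
    """Map {server_port: (server_lines, client_lines)} to tshark -d arguments."""
    return [f"tcp.port=={port},ftp"
            for port, (srv, cli) in sorted(streams.items())
            if looks_like_ftp(srv, cli)]

# Constructed sample payloads, as they would appear in the packet bytes pane.
SAMPLE_STREAMS = {
    2121: ([b"220 Service ready\r\n", b"331 Password required\r\n",
            b"230 Logged in\r\n", b"215 UNIX Type: L8\r\n"],
           [b"USER demo\r\n", b"PASS example\r\n", b"SYST\r\n"]),
    # SMTP also uses three-digit replies, so the client verbs must match too.
    2525: ([b"220 mail ready\r\n", b"250 OK\r\n", b"221 Bye\r\n"],
           [b"EHLO host.example\r\n", b"MAIL FROM:<a@example.test>\r\n",
            b"QUIT\r\n"]),
    8080: ([b"HTTP/1.1 200 OK\r\n", b"Content-Length: 0\r\n"],
           [b"GET / HTTP/1.1\r\n", b"Host: example.test\r\n"]),
}

if __name__ == "__main__":
    for hint in decode_as_hints(SAMPLE_STREAMS):
        print("tshark -r trace.pcap -d", hint)
```

Requiring a match in both directions is what keeps the SMTP-style stream from being mislabeled, since its server replies alone look the same as FTP's.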