How to Create and Edit Custom Protocol
Although Capsa network analyzer supports more than 160 protocols, there are still circumstances that you need add your private protocol rules. For example, you have a special service using a private TCP port in the network, and you want Capsa to recognize it. Or a protocol uses non-standard port. This document is to show you how to create your own custom protocols and edit built-in protocols as your need.
Create Custom Protocols
If you want to create a private protocol rule, follow the instructions below.
Step 1, run Capsa network analyzer. On the Start Page, click the Menu button (on the top-left corner). Choose Local Engine Settings -> Custom Protocol from the menu.
Step 2, on the Custom Protocol window, you can click the Add… button to create a custom protocol. For example, you are testing a new protocol, which uses TCP port 8080. You can just click Add, and type in protocol name, short name and port number, and choose a color for the protocol on the new dialog box. Then click OK to save the custom protocol.
Note: if the capture is running, you need to go back to the start page. Otherwise the Add button and Edit button will be grayed out.
Edit Protocols
If you use non-standard protocols in your network, for example, DNS isn’t on port 53 (TCP or UDP), or HTTP isn’t on TCP port 80, you should modify the default port number for these two built-in protocols. Or Capsa will recognize them as TCP/UDP Other type. Let’s make an example that HTTP uses TCP port 8080, rather than port 80.
Step 1, open the Custom Protocol window, type in http in the search box.
Step 2, double-click on the HTTP protocol item, and modify its port number to 8080 in the dialog box. Click OK to save.
Now if you start a capture, or replay a packet file, all packets using TCP port 81 will be labeled as HTTP protocol. On the Custom Protocol window, you can create private protocols on TCP/UDP ports, IP protocol type, and Ethernet type. TCP and UDP port numbers are used more often rather than the other two. And also you can use the Import button and Export button to back up your private protocols.
FAQ: Why the Add/Edit/Delete buttons of the Custom Protocol window are grayed out?
You are not allowed to change protocol rules while there is a capture running because the changes could crash the program. If you need to add/edit protocol rules, you need stop the capture and go back to the Start Page (if you run multiple instances, you need to close all others). Then click on the Menu button on the top-left corner of the Start Page, and choose Local Engine Settings > Custom Protocol to open the Custom Protocol window. Now you will find the buttons are clickable.