Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 3033] many zero edonkey layers for tcp(port: 4582, 4662)

Date: Fri, 28 Nov 2008 22:17:35 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3033





--- Comment #1 from Stephen Fisher <stephentfisher@xxxxxxxxx>  2008-11-28 22:17:34 PDT ---
Thanks for your report.  The packet doesn't even look like an eDonkey one.  The
eDonkey dissector simply assumes that if it can't find a known number for a
protocol name at the beginning of the packet, then it is a continuation of an
eDonkey session.  This packet is being picked up because it was sent to one of
the ports the eDonkey dissector registers itself as (4661-4665,4672).

Anyone here familiar with the eDonkey protocol and/or dissector that might be
able to tighten detection of continuation packets?


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.