Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] Dissecting based on UDP source port

From: "Stig Bjørlykke" <stig@xxxxxxxxxxxxx>
Date: Fri, 20 Jun 2008 12:35:20 +0200
Hi.

When sending UDP packets we get random source ports, and from MS
Windows they usually starts just above 1024 (the registered ports
range).  Wireshark uses the source port when picking a dissector,
which leads to some wrong dissectors being used (and malformed
packets).  In just a few hours I get this dissectors: ff(1089,1090),
mikey(2269), tpncp, mgcp(2427) and ac_trace, which is not what I want.

Is this a common problem when using MS Windows?


-- 
Stig Bjørlykke