Wireshark · Ethereal-dev: Re: [Ethereal-dev] Packet misdetection

Ethereal-dev: Re: [Ethereal-dev] Packet misdetection

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Tue, 6 Apr 2004 23:31:15 -0700

On Tue, Apr 06, 2004 at 02:07:24PM -0300, Fernando Machado Jr. wrote:
> I had lil bug here. Ethereal identified some packets as websphere 
> protocol, and it presented in the statistics as hierarchically under tcp 
> protocol. I've found no websphere protocol inside my sniffing, so, if 
> this packet exists, it shuold be under http, not tcp.
> 
> Do somebody know what happened?

What happend is that either

	1) it was traffic to or from port 1414, and not from or to some
	   other port whose dissector saw the packet before the
	   WebSphere dissector did

or

	2) it was traffic that looked enough like WebSphere traffic that
	   the WebSphere dissector was willing to treat it as such.

If it was 1), perhaps we should change the WebSphere dissector so that
it uses the same tests for port-1414 traffic that it uses for other
traffic.

References:
- [Ethereal-dev] Packet misdetection
  - From: Fernando Machado Jr.

Prev by Date: Re: [Ethereal-dev] Small bugfix for IPMI packet dissector
Next by Date: Re: [Ethereal-dev] libtethereal.so Makefile problems
Previous by thread: [Ethereal-dev] Packet misdetection
Next by thread: Re: [Ethereal-dev] Packet misdetection
Index(es):
- Date
- Thread