Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-dev: Re: [Ethereal-dev] Inproper indentification of AFS packets.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Fri, 23 Apr 2004 11:53:50 -0700
On Thu, Apr 22, 2004 at 07:43:01PM +0100, Ober Heim wrote:
> Using 10.0.3 I am seeing AFS packets being decoded

RX registers for all ports in the range [7000,7009] and for port 7021...

> as the follwing
> RUDP,

...and RUDP registers for port 7000, and its dissector calls the "Cisco
Session Manager" dissector, which calls the MTP3 dissector, which leads
to...

> ISUP, MTP3MG.

...those protocols.

> The AFS capture sample on the http://www.ethereal.com/sample/
> is a good example of this.
> I am not sure if these items were fixed in the latest CVS.

Unfortunately, RUDP doesn't appear to have much in it that could be used
for a test for whether the packet is *really* RUDP, so fixing this would
require some infrastructural changes either to

	1) allow multiple dissectors for a given port, plus priorities
	   so that dissectors with strong checks for "is this one of
	   mine?" can arrange to be called before dissectors with weaker
	   checks, *IF* such checks exist for RX

or

	2) allow multiple dissectors for a given port, and let the user
	   specify what they want for the port

or something such as that.

Disabling the RUDP dissector is a workaround.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube