Wireshark · Ethereal-dev: Re: [Ethereal-dev] Inproper indentification of AFS packets.

[Michael Tuexen <Michael.Tuexen@xxxxxxxxxxxxxxxxx>]

Cisco could apply for a port number and use that instead
of reusing 7000...

On Apr 23, 2004, at 8:53 PM, Guy Harris wrote:

> On Thu, Apr 22, 2004 at 07:43:01PM +0100, Ober Heim wrote:
> > Using 10.0.3 I am seeing AFS packets being decoded
>
> RX registers for all ports in the range [7000,7009] and for port 
> 7021...
>
> > as the follwing
> > RUDP,
>
> ...and RUDP registers for port 7000, and its dissector calls the "Cisco
> Session Manager" dissector, which calls the MTP3 dissector, which leads
> to...
>
> > ISUP, MTP3MG.
>
> ...those protocols.
>
> > The AFS capture sample on the http://www.ethereal.com/sample/
> > is a good example of this.
> > I am not sure if these items were fixed in the latest CVS.
>
> Unfortunately, RUDP doesn't appear to have much in it that could be 
> used
> for a test for whether the packet is *really* RUDP, so fixing this 
> would
> require some infrastructural changes either to
>
> 	1) allow multiple dissectors for a given port, plus priorities
> 	   so that dissectors with strong checks for "is this one of
> 	   mine?" can arrange to be called before dissectors with weaker
> 	   checks, *IF* such checks exist for RX
>
> or
>
> 	2) allow multiple dissectors for a given port, and let the user
> 	   specify what they want for the port
>
> or something such as that.
>
> Disabling the RUDP dissector is a workaround.
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev