Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 3175] New: WCCP overrides CFLOW as decoded protocol

Date: Mon, 5 Jan 2009 18:59:41 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3175

           Summary: WCCP overrides CFLOW as decoded protocol
           Product: Wireshark
           Version: 1.0.5
          Platform: PC
        OS/Version: Windows Vista
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: martinvisser99@xxxxxxxxx


Build Information:
Version 1.0.5 (SVN Rev 26954)

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.8, with GLib 2.14.6, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with ADNS, with Lua 5.1, with GnuTLS 2.3.8, with Gcrypt 1.4.1, with MIT
Kerberos, with PortAudio V19-devel, with AirPcap.

Running on Windows Vista, build 6000, with WinPcap version 4.0.2 (packet.dll
version 4.0.0.1040), based on libpcap version 0.9.5, without AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
When opening Netflow v5 packets (captured on UDP port 2055), Wireshark and
Tshark report these as malformed WCCP packets. The CFLOW configuration does
have it looking for Netflow packets on UDP port 2055, as default.

Only when WCCP is disabled as a decoded protocol does wireshark decode
correctly as CFLOW. ("Decode as" when configured for CFLOW on UDP dest port
2055 does not override this).


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.