Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 6274] New: Transport name resolution not working

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Sun, 28 Aug 2011 17:36:55 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6274

           Summary: Transport name resolution not working
           Product: Wireshark
           Version: 1.7.x (Experimental)
          Platform: x86
        OS/Version: Windows Vista
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: Jim@xxxxxxxxxxxxxxxxx


Created an attachment (id=6876)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=6876)
Capture file "Transport Name Resolution.pcap"

Build Information:
Version 1.7.0-SVN-38764 (SVN Rev 38764 from /trunk)

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.22.1, with Cairo 1.10.2, with Pango 1.28.3, with
GLib 2.26.1, with WinPcap (version unknown), with libz 1.2.5, without POSIX
capabilities, with threads support, with SMI 0.4.8, with c-ares 1.7.1, with Lua
5.1, without Python, with GnuTLS 2.10.3, with Gcrypt 1.4.6, with MIT Kerberos,
with GeoIP, with PortAudio V19-devel (built Aug 28 2011), with AirPcap.

Running on 32-bit Windows Vista Service Pack 2, build 6002, with WinPcap
version
4.1.2 (packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.10.3, Gcrypt 1.4.6, with AirPcap 4.1.1 build
1838.

Built using Microsoft Visual C++ 9.0 build 21022
--
When transport name resolution is enabled, Wireshark does not always display
protocol names instead of port numbers.

TO RE-CREATE:

Download the attached capture file, "Transport Name Resolution.pcap" and load
it into Wireshark 1.7.0-SVN-38764 with transport name resolution enabled. Note
that some of the port numbers will be translated to protocol names and some
will still display as numbers. For example, packet 1 will show "1651 > https"
in the Info column, and packet 15 will show "1657 > https". See attached screen
shot "170 Name Resolution.jpg."

Now load the same capture file into Wireshark stable version 1.6.1 with
transport name resolution enabled. Note that all port numbers will be properly
translated to protocol names. Packet 1 will show "shiva_confsrvr > https" and
packet 15 will show "fujitsu-mmpdc > https". See attached screen shot "161 Name
Resolution.jpg."

This seems to be related to the format of the "services" file. If I shut down
Wireshark 1.7.0-SVN-38764, copy over the "services" file from Wireshark 1.6.1,
and restart Wireshark 1.7.0-SVN-38764, the port numbers are properly translated
to protocol names.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube