Wireshark-bugs: [Wireshark-bugs] [Bug 12265] RPC/NFS incorrectly decodes as ACAP

Date: Wed, 16 Mar 2016 07:54:01 +0000

Comment # 3 on bug 12265 from
(In reply to Jamie Bainbridge from comment #2)
> The ACAP RFC states that the protocol *listens* on port 674:
> 
> https://tools.ietf.org/html/rfc2244
> 2.1.     Link Level
>    The ACAP protocol assumes a reliable data stream such as provided by
>    TCP.  When TCP is used, an ACAP server listens on port 674.
> 
> In the attachment, the connection is started with a SYN to port 2049, so
> 2049 must have been the listener, not 674.
> 
> Port 2049 is listed as NFS in the IANA URL you provided.
> 
> Hence, this stream should have been recognized as being NFS, not ACAP.

It's all done with heuristics, and "heuristics" means that sometimes "should
have been recognized as XXX" and "is recognized as XXX" aren't always going to
be the same (because, for most if not all heuristics for various protocols,
there's at least one packet where the heuristic will misidentify the packet,
and if you tweak the heuristics to make it work for *that* packet, you might
then just shift the problem to another packet).

What's probably needed here is a way for the ACAP dissector to say "this
doesn't look like ACAP, let somebody else have a look at it".
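
The fall-through suggested in the comment above, as an added toy model in C (not Wireshark's code and not part of the original message). Every name is hypothetical, the payloads and the text check are constructed, and the flow assumes the client's source port happened to be 674 while the server listened on 2049.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Toy model; every name below is hypothetical, none is a Wireshark API. */
/* A dissector returns the number of bytes it claims; 0 means "not mine". */
typedef size_t (*dissector_fn)(const unsigned char *p, size_t n);
struct port_entry { unsigned port; const char *name; dissector_fn fn; };

/* Constructed plausibility check: ACAP (RFC 2244) is line-oriented text. */
static int looks_like_text(const unsigned char *p, size_t n) {
    if (n == 0) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isprint(p[i]) && p[i] != '\r' && p[i] != '\n' && p[i] != '\t')
            return 0;
    return 1;
}

/* Greedy: claims anything handed to it. Strict: rejects non-text payloads. */
static size_t acap_greedy(const unsigned char *p, size_t n) { (void)p; return n; }
static size_t acap_strict(const unsigned char *p, size_t n) { return looks_like_text(p, n) ? n : 0; }
static size_t nfs_any(const unsigned char *p, size_t n) { (void)p; return n; }

/* Offer the payload to each dissector registered on either port, in table
 * order; the first one that returns non-zero owns the packet. */
static const char *dispatch(const struct port_entry *tbl, size_t ntbl,
                            unsigned sport, unsigned dport,
                            const unsigned char *p, size_t n) {
    for (size_t i = 0; i < ntbl; i++)
        if ((tbl[i].port == sport || tbl[i].port == dport) && tbl[i].fn(p, n) > 0)
            return tbl[i].name;
    return "data";
}

/* Constructed payloads: an RPC record mark plus call header bytes, and one ACAP line. */
static const unsigned char RPC_CALL[] = {0x80, 0, 0, 0x28, 0x12, 0x34, 0x56, 0x78, 0, 0, 0, 0, 0, 0, 0, 2};
static const unsigned char ACAP_LINE[] = "a001 NOOP\r\n";

static const struct port_entry GREEDY_TBL[] = {{674, "ACAP", acap_greedy}, {2049, "NFS", nfs_any}};
static const struct port_entry STRICT_TBL[] = {{674, "ACAP", acap_strict}, {2049, "NFS", nfs_any}};

/* Assumed flow 674 -> 2049 carrying RPC: the greedy table mislabels it. */
const char *nfs_via_greedy(void) { return dispatch(GREEDY_TBL, 2, 674, 2049, RPC_CALL, sizeof RPC_CALL); }
/* Same flow, but ACAP declines the binary payload, so NFS gets its turn. */
const char *nfs_via_strict(void) { return dispatch(STRICT_TBL, 2, 674, 2049, RPC_CALL, sizeof RPC_CALL); }
/* Real ACAP text to a listener on 674 is still claimed by the strict dissector. */
const char *acap_via_strict(void) { return dispatch(STRICT_TBL, 2, 50000, 674, ACAP_LINE, sizeof ACAP_LINE - 1); }
```

As the comment notes, any such check is itself a heuristic: a non-ACAP payload that happens to be printable text would still be claimed by `acap_strict`.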

