Wireshark · Wireshark-dev: [Wireshark-dev] Dissecting based on UDP source port

Wireshark-dev: [Wireshark-dev] Dissecting based on UDP source port

From: "Stig Bjørlykke" <stig@xxxxxxxxxxxxx>

Date: Fri, 20 Jun 2008 12:35:20 +0200

Hi.

When sending UDP packets we get random source ports, and from MS
Windows they usually starts just above 1024 (the registered ports
range).  Wireshark uses the source port when picking a dissector,
which leads to some wrong dissectors being used (and malformed
packets).  In just a few hours I get this dissectors: ff(1089,1090),
mikey(2269), tpncp, mgcp(2427) and ac_trace, which is not what I want.

Is this a common problem when using MS Windows?


-- 
Stig Bjørlykke

Prev by Date: Re: [Wireshark-dev] Improvement to WIMAXASNCP for decoding IEEE802.16e specified TLV's
Next by Date: [Wireshark-dev] Request/Response tracking with multiple responses
Previous by thread: Re: [Wireshark-dev] CVS dataset required
Next by thread: [Wireshark-dev] Request/Response tracking with multiple responses
Index(es):
- Date
- Thread