Wireshark-dev: [Wireshark-dev] Dissecting based on UDP source port
From: "Stig Bjørlykke" <[email protected]>
Date: Fri, 20 Jun 2008 12:35:20 +0200
Hi.

When sending UDP packets we get random source ports, and from MS
Windows they usually starts just above 1024 (the registered ports
range).  Wireshark uses the source port when picking a dissector,
which leads to some wrong dissectors being used (and malformed
packets).  In just a few hours I get this dissectors: ff(1089,1090),
mikey(2269), tpncp, mgcp(2427) and ac_trace, which is not what I want.

Is this a common problem when using MS Windows?


-- 
Stig Bjørlykke