
Wireshark-dev: Re: [Wireshark-dev] Using port numbers to determine next dissector

From: "Anders Broman" <anders.broman@xxxxxxxxxxxx>
Date: Wed, 8 Apr 2009 13:37:57 +0200
Hi,
Well, perhaps port registration is automatically done for UDP and TCP, or
the one doing the registration
registered for TCP as well in case it would be used later, or ...

But regardless, anything sent on a port number that is used by a
Wireshark dissector (not heuristic) will be dissected as that protocol
regardless of what it actually is. A workaround is to disable that
protocol.
Regards
Anders

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Rayne
Sent: den 8 april 2009 12:26
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Using port numbers to determine next
dissector


Hmm... this is strange, because the 3GPP specs (3GPP TS 29.060 V8.5.0,
Section 10) state "UDP/IP is the only path protocol defined to transfer
GTP messages in the version 1 of GTP. [...] The UDP Destination Port
number for GTP-C request messages is 2123. It is the registered port
number for GTP-C. The UDP Destination Port number for GTP-U request
messages is 2152. It is the registered port number for GTP-U." Which one
is more credible?

Regards,
Rayne

--- On Wed, 4/8/09, Anders Broman <anders.broman@xxxxxxxxxxxx> wrote:

> From: Anders Broman <anders.broman@xxxxxxxxxxxx>
> Subject: Re: [Wireshark-dev] Using port numbers to determine next 
> dissector
> To: "Developer support list for Wireshark" 
> <wireshark-dev@xxxxxxxxxxxxx>
> Date: Wednesday, April 8, 2009, 8:26 AM
>
> Hi,
> http://www.iana.org/assignments/port-numbers
> Lists:
> gtp-control     2123/tcp   GTP-Control Plane (3GPP)
> gtp-control     2123/udp   GTP-Control Plane (3GPP)
> gtp-user        2152/tcp   GTP-User Plane (3GPP)
> gtp-user        2152/udp   GTP-User Plane (3GPP)
> 
> So the dissector looks OK.
> Regards
> Anders


      

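The behaviour discussed in this thread, as an added example (not Wireshark code and not from either poster): a port-table lookup labels anything sent to 2152 as GTP-U, while a check of the GTPv1 header fields rejects payloads that do not match. The function names and sample bytes are hypothetical and constructed for illustration, and only GTP version 1, the version quoted from the spec above, is checked.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Port-table lookup: the decision a port-registered (non-heuristic) dissector makes. */
static const char *classify_by_port(uint16_t udp_dport) {
    switch (udp_dport) {
    case 2123: return "GTP-C";
    case 2152: return "GTP-U";
    default:   return "data";
    }
}

/* Sanity check of the mandatory 8-octet GTPv1 header:
 * octet 1 = version(3 bits) | PT | spare | E | S | PN, octet 2 = message type,
 * octets 3-4 = length of everything after octet 8, octets 5-8 = TEID. */
static int looks_like_gtpv1(const uint8_t *p, size_t len) {
    if (len < 8) return 0;
    if ((p[0] >> 5) != 1) return 0;            /* version field must be 1 */
    if (((p[0] >> 4) & 1) != 1) return 0;      /* PT = 1 is GTP, 0 is GTP' */
    size_t declared = ((size_t)p[2] << 8) | p[3];
    if (declared != len - 8) return 0;         /* must match the UDP payload size */
    if ((p[0] & 0x07) && declared < 4) return 0; /* E/S/PN set: 4 optional octets follow */
    return 1;
}

/* Keep the port's label only when the payload agrees with it. */
static const char *classify(uint16_t udp_dport, const uint8_t *p, size_t len) {
    const char *by_port = classify_by_port(udp_dport);
    if (strcmp(by_port, "data") != 0 && !looks_like_gtpv1(p, len))
        return "data";
    return by_port;
}

/* Constructed samples: a minimal G-PDU (type 0xff, TEID 1, 4 payload octets)
 * and unrelated text that merely happens to be sent to port 2152. */
static const uint8_t sample_gpdu[] = { 0x30, 0xff, 0x00, 0x04, 0x00, 0x00, 0x00, 0x01,
                                       0xde, 0xad, 0xbe, 0xef };
static const uint8_t sample_text[] = "GET / HTTP/1.1\r\n";

int main(void) {
    printf("port only : %s\n", classify_by_port(2152));
    printf("G-PDU     : %s\n", classify(2152, sample_gpdu, sizeof sample_gpdu));
    printf("text      : %s\n", classify(2152, sample_text, sizeof sample_text - 1));
    return 0;
}
```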