Wireshark-dev: Re: [Wireshark-dev] Transport name resolution

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 16 Sep 2013 11:57:47 -0700
On Sep 16, 2013, at 7:20 AM, Anders Broman <anders.broman@xxxxxxxxxxxx> wrote:

> In serv_name_lookup() we call getservbyport() for ports not resolved in the IANA port list. The function
> seems quite expensive, so my question is: does it add any value, or can I remove it?

At least on UN*Xes, getservbyport() does one or more of:

	1) look in /etc/services, which is probably based on a (possibly-out-of-date) version of, err, umm, the IANA port list;

	2) query some network service to do a lookup - and that service is probably using its own database, based on a (possibly-out-of-date) version of, err, umm, the IANA port list.

On Windows, I don't know what it ends up doing, but I wouldn't be surprised if it were to look in a file that's based on a (possibly-out-of-date) version of, err, umm, the IANA port list.

So I strongly doubt getservbyport() adds any value if we have our own IANA port list file.  (We probably didn't always have our own file, and started using getservbyport() back when we didn't.)
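
To check the claim above on a given host, this added example (not part of the original message and not Wireshark's code) loads services-format lines into an in-memory table and counts the ports for which getservbyport() returns a name the table lacks. The function names and the sample lines are constructed for illustration, and a POSIX system is assumed.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

#define NPORTS 65536
static char tcp_names[NPORTS][24];   /* own table: port -> name, "" if unknown */

/* Constructed sample lines in /etc/services format (not a real IANA extract). */
static const char *SAMPLE[] = {
    "# name  port/proto  aliases", "ssh     22/tcp", "domain  53/udp",
    "http    80/tcp   www  # web", "",
};

/* Parse "name port/proto [aliases] [# comment]"; returns 1 for a valid TCP entry,
   0 for comments, blank lines and other protocols. First name per port wins. */
int add_services_line(const char *line) {
    char name[24], proto[8];
    unsigned port;
    if (sscanf(line, " %23[^ \t#] %u/%7[a-z]", name, &port, proto) != 3) return 0;
    if (port >= NPORTS || strcmp(proto, "tcp") != 0) return 0;
    if (!tcp_names[port][0]) strcpy(tcp_names[port], name);
    return 1;
}

/* Table-only lookup: no file scan, no network query. NULL if unknown. */
const char *own_tcp_name(unsigned port) {
    return (port < NPORTS && tcp_names[port][0]) ? tcp_names[port] : NULL;
}

/* Count ports in [0, max_port] that getservbyport() names but the own table
   does not: the only lookups where the system call would add anything. */
int system_only_count(unsigned max_port) {
    int n = 0;
    for (unsigned p = 0; p <= max_port && p < NPORTS; p++)
        if (!own_tcp_name(p) && getservbyport(htons((unsigned short)p), "tcp")) n++;
    return n;
}

int main(void) {
    int loaded = 0;
    for (size_t i = 0; i < sizeof SAMPLE / sizeof *SAMPLE; i++)
        loaded += add_services_line(SAMPLE[i]);
    printf("loaded %d tcp entries, port 80 -> %s\n", loaded, own_tcp_name(80));
    printf("names only getservbyport() knows (0-1023): %d\n", system_only_count(1023));
    return 0;
}
```

Fed a full IANA-derived list instead of the three-entry sample, the second number shows how many names getservbyport() would contribute on that host.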