Hi,
According to RFC 2353 this decoding is correct. See paragraph 2.6.1.
These UDP/TCP ports are assigned by IANA to this protocol. It is
implemented as such in the LLC dissector.
Thanx,
Jaap
On Tue, 30 Jan 2007, Martin Pokorny wrote:
> Hi,
>
> I think I may have stumbled onto a wireshark bug (ethereal version
> 0.99.0, libpcap version 0.8.3 on RHEL4). An application on which I'm
> working is receiving UDP packets over gigabit Ethernet from some custom
> hardware. The packets have a fixed source and destination UDP port
> number, which we had set to 12001 and 12000, respectively. Wireshark
> shows an LLC header after the UDP header, which is simply not present;
> see first attachment (bad.pcap). In the process of poking around a bit,
> I changed the UDP port numbers to 12032 and 12048 in the pcap file, and
> wireshark no longer reported the LLC header; see second attachment
> (good.pcap). Unless I'm totally missing something about LLC (definite
> possibility), this looks like a bug in wireshark or libpcap.
>
> I'm not subscribed to this list, please send questions to me directly.
>
> --
> Martin
>
