Wireshark-users: Re: [Wireshark-users] how to second capwap decryptor for tshark
From: Guy Harris <[email protected]>
Date: Wed, 4 Jul 2012 00:24:25 -0700
On Jul 3, 2012, at 9:12 PM, balu wrote:

> Iam using 1.4.13 on linux machine. Below copied available descriptors for udp port. Sorry for not mentioning this in previous mail.
> 
> tshark: Valid protocols for layer type "udp.port" are:

	...

>     ayiya (Anything in Anything Protocol)
>     bat (B.A.T.M.A.N. Layer 3 Protocol)
>     bat (B.A.T.M.A.N. Layer 3 Protocol)
>     bat (B.A.T.M.A.N. Layer 3 Protocol)
>     bfd (Bidirectional Forwarding Detection Control Message)

	...

>     bvlc (BACnet Virtual Link Control)
>     capwap (Control And Provisioning of Wireless Access Points)
>     capwap (Control And Provisioning of Wireless Access Points)
>     ccsds (CCSDS)

That doesn't mean there are 3 B.A.T.M.A.N. dissectors or two CAPWAP dissectors, it means either that the code to register them as potential UDP port dissectors doesn't eliminate duplicate registrations or that the code to print those registrations doesn't eliminate them.  I'll look at fixing that bug.

This means there *is* no second dissector to use (not in 1.4, not in 1.6, not in 1.8, and not in the trunk), so just do

	-d udp.port={port number},capwap

to assign the one and only CAPWAP dissector to the specified UDP port.