Wireshark · Wireshark-users: [Wireshark-users] MPLS over UDP decoding

Wireshark-users: [Wireshark-users] MPLS over UDP decoding

From: Yang Yu <yang.yu.list@xxxxxxxxx>

Date: Thu, 27 Dec 2018 15:01:42 -0800

Hi,

In a packet capture of sFlow export packets, I noticed some sFlow
samples were decoded as MPLS over UDP. The sFlow sampled packet was
actually just a UDP VoIP packet with no dissector support.

What logic does Wireshark use to opportunistically consider UDP
payload to be MPLS? Thanks.

Flow sample
Raw Packet header
  * Ethernet
  * IP
  * UDP
  * MPLS label x 6
  * pweth.cw
  * eth (data looks wrong because it is not an actual Ethernet header)
  * data (unable to decode)


Yang

Follow-Ups:
- Re: [Wireshark-users] MPLS over UDP decoding
  - From: Hugo van der Kooij
- Re: [Wireshark-users] MPLS over UDP decoding
  - From: Guy Harris

Prev by Date: [Wireshark-users] Wireshark 2.9.0 is now available
Next by Date: Re: [Wireshark-users] MPLS over UDP decoding
Previous by thread: [Wireshark-users] Wireshark 2.9.0 is now available
Next by thread: Re: [Wireshark-users] MPLS over UDP decoding
Index(es):
- Date
- Thread