Hi all,
I understand that Wireshark uses 2 ways to determine what dissector to call
next, in the event that there is no "Next Protocol" field or the equivalent -
by looking at the port numbers of current layer, or at a list of heuristic
dissectors.
What happens if there are no heuristic dissectors to look at and there are
other traffic that also uses the port registered to a particular protocol? For
example, say ProtoA is registered to UDP port 5000. If I have some non-ProtoA
traffic that also uses UDP port 5000, would these traffic be wrongly dissected
by ProtoA dissector?
Also, I noticed that traffic that uses TCP ports 2123 and 2152 are classified
as GTP traffic (I'm using Wireshark 0.99.6). However, if I'm not wrong, the
3GPP specs state that GTP traffic only uses UDP ports 2123 and 2152, not TCP
(well, GTP version 1 anyway, version 0 and GTP' can use both TCP/UDP port 3386).
Thank you.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
