--- On Tue, 4/7/09, Guy Harris <[email protected]> wrote:
> From: Guy Harris <[email protected]>
> Subject: Re: [Wireshark-dev] Using port numbers to determine next dissector
> To: "Developer support list for Wireshark" <[email protected]>
> Date: Tuesday, April 7, 2009, 4:49 PM
> On Apr 7, 2009, at 1:52 AM, Rayne wrote:
>
> >> Unless there's some flavor of GTP version 1
> documented elsewhere
> >> that runs over TCP ports 2123 or 2152, the GTP
> dissector shouldn't
> >> register for those ports, just for UDP ports 2123
> and 2152.
> >
> > ** That's what I thought, but I saw packets
> classified as GTP with
> > TCP port 2152 listed as their source or destination
> ports.
>
> When I said "shouldn't", I meant it in a prescriptive sense, rather
> than a descriptive sense - unless there's some way in which GTPv1 runs
> over TCP ports 2123 or 2152, it's not correct for the GTP dissector to
> register for those ports (that's the prescriptive sense of "shouldn't"),
> but it *does* register for them ("shouldn't" in the descriptive sense
> would have meant "the dissector doesn't register for those ports, so
> there's no way it could be handed those packets").
Since it's not correct for the GTP dissector to register for those ports, why
register for them then? Is it in case GTPv1 does happen to run over TCP ports
2123 or 2152? But since that is not very likely to happen, would this result in
non-GTP traffic running over TCP ports 2123 or 2152 to be wrongly dissected as
GTP traffic?
And Guy, thank you very much for your detailed explanations.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
