Pedro Gonçalves wrote:
> Hi
>
> I'm having some trouble while decoding STUN Binding Request and Responses.
> Sometimes they get decoded the right way, sometimes STUN packets are
> decoded as DNP 3.0, RTP or RTCP (?!).
>
> I'm sending two captures I made so you can check for yourself:
> for example, in problems_wireshark_1.pcap, odd packets are STUN Binding
> Request and even packets are STUN Binding Responses.
>
> Why are the first two packets decoded as DNP 3.0 and the rest of them
> are decoded ok?
>
Which version of Wireshark?

The DNP decoding occurs because the messages are using port 20000 which is the port DNP 3.0 uses.

I have strengthened the DNP heuristics recently, including an error where UDP packets were treated as tcp fragments. This was committed as r20651 & r20683 around the beginning of Feb 2007. I don't think these were in 0.99.5.

My current version handles the file correctly.

As a workaround, disable DNP 3.0 from Analyze | Enabled Protocols ..., or try a buildbot build.

--
Regards,
Graham Bloice
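An added example, not part of the original message and not Wireshark's dissector code: it shows why choosing a decoder by port 20000 alone mislabels STUN traffic, and how a check of the first payload bytes separates the two. The function names and sample payloads are assumptions constructed for illustration; the DNP3 CRC is not verified here.

```python
import struct

DNP3_PORT = 20000  # the port the reply says DNP 3.0 uses
STUN_TYPES = {0x0001: "Binding Request", 0x0101: "Binding Response"}

def looks_like_dnp3(payload: bytes) -> bool:
    """DNP3 link header: start bytes 0x05 0x64, then a length octet >= 5."""
    return len(payload) >= 10 and payload[:2] == b"\x05\x64" and payload[2] >= 5

def stun_type(payload: bytes):
    """Return the STUN message name if the 20-byte header is consistent."""
    if len(payload) < 20:
        return None
    msg_type, msg_len = struct.unpack("!HH", payload[:4])
    # The length field counts the attributes only, not the 20-byte header.
    if len(payload) != 20 + msg_len:
        return None
    return STUN_TYPES.get(msg_type)

def classify_by_port(sport: int, dport: int, payload: bytes) -> str:
    """Port-only selection: anything touching port 20000 is called DNP 3.0."""
    return "DNP 3.0" if DNP3_PORT in (sport, dport) else "data"

def classify_with_checks(sport: int, dport: int, payload: bytes) -> str:
    """Accept the port's protocol only if the payload also looks like it."""
    if DNP3_PORT in (sport, dport) and looks_like_dnp3(payload):
        return "DNP 3.0"
    name = stun_type(payload)
    return f"STUN {name}" if name else "data"

# Constructed sample payloads (not taken from the poster's captures).
TXID = bytes(range(16))
STUN_REQUEST = struct.pack("!HH", 0x0001, 0) + TXID
MAPPED_ADDRESS = struct.pack("!HHBBH4B", 0x0001, 8, 0, 1, 20000, 192, 0, 2, 10)
STUN_RESPONSE = struct.pack("!HH", 0x0101, len(MAPPED_ADDRESS)) + TXID + MAPPED_ADDRESS
DNP3_FRAME = bytes.fromhex("056405c001000200") + b"\x00\x00"  # CRC bytes are placeholders

if __name__ == "__main__":
    samples = [("STUN request", 20000, 3478, STUN_REQUEST),
               ("STUN response", 3478, 20000, STUN_RESPONSE),
               ("DNP3 frame", 20000, 20000, DNP3_FRAME)]
    for label, sport, dport, data in samples:
        print(f"{label}: port-only={classify_by_port(sport, dport, data)!r} "
              f"checked={classify_with_checks(sport, dport, data)!r}")
```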
