Graham Bloice wrote: > Pedro Gonçalves wrote: > >> Hi >> >> I'm having some trouble while decoding STUN Binding Request and Responses. >> Sometimes they get decoded the right way, sometimes STUN packets are >> decoded as DNP 3.0, RTP or RTCP (?!). >> >> I'm sending two captures I made so you can check for yourself: >> for example, in problems_wireshark_1.pcap, odd packets are STUN Binding >> Request and even packets are STUN Binding Responses. >> >> Why are the first two packets decoded as DNP 3.0 and the rest of them >> are decoded ok? >> >> > > Which version of Wireshark? > The most recent, 0.99.5 for Windows XP.
> The DNP decoding occurs because the messages are using port 20000 which > is the port DNP 3.0 uses. I have strengthened the DNP heuristics > recently, including an error where UDP packets were treated as tcp > fragments. This was committed as r20651 & r20683 around the beginning > of Feb 2007. I don't think these were in 0.99.5. > > My current version handles the file correctly. > > As a workaround, disable DNP 3.0 from Analyze | Enabled Protocols ..., > or try a buildbot build. > Your workaround disabling DNP worked, but I'm still having some problems with STUN packets being decoded as RTP or RTCP. I think that has to do with the sequence of packets: in my original capture, I have: (...) 178: SIP/SDP 179: STUN 180: RTP (This is STUN, but decoded as RTP) 181: STUN (...) However, if I save the file starting in packet 179, all packets get well decoded. Thanks anyway Pedro _______________________________________________ Wireshark-users mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-users
