Wireshark mailing list archives
Re: How to avoid dissection based on port defined by a different dissector?
From: Guy Harris <guy () alum mit edu>
Date: Wed, 15 Dec 2010 16:45:34 -0800
On Dec 15, 2010, at 1:46 PM, Christopher Maynard wrote:
The problem I have with this is that 3503 is registered to MPLS Echo so that dissector shouldn't have to be changed to essentially become a heuristic one to accommodate this port-stealing protocol.
The protocol itself might not be stealing that port; I suspect that the "port A" in "I have a dissector plugin that is registered with port A." is not port 3503. However, the OS on the other endpoint might have chosen port 3503 as the port number for its side of the conversation. OSes *should* (and that might even be a SHOULD in some RFC - or even a MUST - but I don't know offhand what RFC that is) choose ports in the ephemeral range (49152 through 65535) if the application (or library) doesn't explicitly choose a port number, rather than ports in the well-known range (0 through 1023, often restricted to privileged users for silly "security" reasons) or the registered range (1024 through 49151). However, that doesn't guarantee that they *do*. When looking for a port match, we try the lowest port number first, as that's more likely to be a "real" port - but there isn't any test you can use on port numbers that's *guaranteed* never to get the wrong answer.
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- How to avoid dissection based on port defined by a different dissector? eymanm (Dec 15)
- Re: [Wireshark-dev] How to avoid dissection based on port defined by a different dissector? Christopher Maynard (Dec 15)
- Re: How to avoid dissection based on port defined by a different dissector? Stephen Fisher (Dec 15)
- Re: How to avoid dissection based on port defined by a different dissector? Stephen Fisher (Dec 15)
- Re: How to avoid dissection based on port defined by a different dissector? Christopher Maynard (Dec 15)
- Re: How to avoid dissection based on port defined by a different dissector? Jeff Morriss (Dec 15)
- Re: How to avoid dissection based on port defined by a different dissector? Dirk Jagdmann (Dec 15)
- Re: How to avoid dissection based on port defined by a different dissector? Stephen Fisher (Dec 16)
- Re: How to avoid dissection based on port defined by a different dissector? Guy Harris (Dec 15)
- Re: [Wireshark-dev] How to avoid dissection based on port defined by a different dissector? Chris Maynard (Dec 15)
- Re: How to avoid dissection based on port defined by a different dissector? Guy Harris (Dec 15)
- Re: How to avoid dissection based on port defined by a different dissector? Dirk Jagdmann (Dec 15)
- Re: How to avoid dissection based on port defined by a different dissector? Jeff Morriss (Dec 16)
- Re: How to avoid dissection based on port defined by a different dissector? Stephen Fisher (Dec 15)
- Re: How to avoid dissection based on port defined by a different dissector? Stephen Fisher (Dec 16)