Ethereal-users: Re: [Ethereal-users] Question or Request for enhenecement

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Thu, 5 Jul 2001 22:19:08 -0700
On Fri, Jul 06, 2001 at 12:40:10AM -0400, Mohamed LRHAZI wrote:
> Hello,
> 
> When I give ethereal  the following packets to analyze it reports details about X25 over TCP protocole, while I am 99% sure it is not!
> 
> tcpdump -r dump.out -n port 1998

According to

	http://www.iana.org/assignments/port-numbers

port 1998 is for "cisco X.25 service (XOT)".

That's why the Ethereal X.25-over-TCP dissector sets up Ethereal to
dissect port 1998 traffic as X.25-over-TCP.

Unfortunately, the mere fact that some port is a registered port for
some service doesn't mean that it won't be used for some other protocol
if that port isn't being used for the service for which it's intended.

In order not to have port-1998 traffic dissected by Ethereal as XOT
traffic, you can either manually disable the X.25-over-TCP dissector, or
disable that particular port-to-protocol assignment.

To disable the X.25-over-TCP dissector, select "Protocols" from the
"Edit" menu, click on the "xot" button in the dialog box Ethereal
pops up, and click "OK".

To disable that particular port-to-protocol assignment, click on one of
the port 1998 packets, select "Decode As" from the "Tools" menu, select
the "Do not decode" button in the dialog box Ethereal pops up, select
"both" in the second option menu box (the one between "TCP" and "port(s)
as", and click "OK".

Unfortunately, there is currently no way to save those settings, so on
every capture with non-X.25-over-TCP traffic using port 1998, you will
have to disable it by hand.