On Fri, Jul 06, 2001 at 12:40:10AM -0400, Mohamed LRHAZI wrote:
> Hello,
>
> When I give ethereal the following packets to analyze it reports details about X25 over TCP protocole, while I am 99% sure it is not!
>
> tcpdump -r dump.out -n port 1998
According to
http://www.iana.org/assignments/port-numbers
port 1998 is for "cisco X.25 service (XOT)".
That's why the Ethereal X.25-over-TCP dissector sets up Ethereal to
dissect port 1998 traffic as X.25-over-TCP.
Unfortunately, the mere fact that some port is a registered port for
some service doesn't mean that it won't be used for some other protocol
if that port isn't being used for the service for which it's intended.
In order not to have port-1998 traffic dissected by Ethereal as XOT
traffic, you can either manually disable the X.25-over-TCP dissector, or
disable that particular port-to-protocol assignment.
To disable the X.25-over-TCP dissector, select "Protocols" from the
"Edit" menu, click on the "xot" button in the dialog box Ethereal
pops up, and click "OK".
To disable that particular port-to-protocol assignment, click on one of
the port 1998 packets, select "Decode As" from the "Tools" menu, select
the "Do not decode" button in the dialog box Ethereal pops up, select
"both" in the second option menu box (the one between "TCP" and "port(s)
as", and click "OK".
Unfortunately, there is currently no way to save those settings, so on
every capture with non-X.25-over-TCP traffic using port 1998, you will
have to disable it by hand.