Ethereal-users: Re: [Ethereal-users] Interbase

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Thu, 16 Jan 2003 18:09:19 +0000
Thanks, top spot gentlemen. Was driving me mad as I thought this was like AH
or ESP with an offset. I didn't think to investigate the port avenue as
Ethereal was reporting IB as a protocol, whereas it's a service.

Ethereal should amend the source port to the defined name not the protocol
field.

Easily fixed by disabling the protocol.

Thanks again

Alex Port


From:     martin.regner@chello.se
Date:     15/01/03 17:58
To:       alex.port@xxxxxxxxxxxx
cc:
Subject:  Re: [Ethereal-users] Interbase

Alex Port wrote:
>I am seeing packets listed as protocol IB or Interbase however these are
>no IB packets in my capture.
>
>Is anyone able to detail what Ethereal matches packets to to list this as
>an IB protocol, i.e. is it an offset match for a certain hex value etc., and
>if so what's the match?


I guess that the packets are sent to or from TCP port 3050.

The IB dissector registers with that TCP port number (TCP port 3050 is the
IANA registered port number for gds_db by Interbase, but the port number can
of course also be used for other purposes).
http://www.iana.org/assignments/port-numbers

You can probably use the "Tools/Decode As..." functionality to "Do not
decode" TCP port 3050 as "IB".
However the packets may then show up just as TCP packets.

If you know what protocol it is you can in some circumstances use the
"Decode As..." functionality to select that protocol, e.g. "Decode TCP port
3050 as HTTP". It is not possible to do this for all protocols in Ethereal
(e.g. for heuristic dissectors). In some cases you may need to change some
protocol preferences (Edit/Preferences.../Protocols/...) or similar in order
to get Ethereal to dissect the packets with the correct dissector.

If you don't know what protocol it is then you can look in the port list to
see if the destport/sourceport matches any of the other IANA registered port
numbers and see if that gives any clues what protocol it is, or search on
the Internet.







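The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Ethereal's own code: a simplified Python model of a port-registered dissector table with "Decode As" and "disable protocol" overrides, plus a payload check that flags segments whose port-derived label disagrees with what the bytes look like. Only the 3050-to-IB mapping comes from the thread; the other table entries, the function names and the sample segments are assumptions made for the example.

```python
# Simplified model of port-registered dissection; not Ethereal's source code.
# Port 3050 -> "IB" is from the thread; the other entries are assumed examples.
PORT_TABLE = {3050: "IB", 80: "HTTP", 22: "SSH", 443: "TLS"}
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}

def port_label(sport, dport, decode_as=None, disabled=()):
    """Return the protocol column value chosen from port numbers alone.

    decode_as maps a port to another protocol name, or to None for
    "do not decode"; disabled lists protocols switched off entirely.
    """
    decode_as = decode_as or {}
    for port in (sport, dport):
        proto = decode_as.get(port, PORT_TABLE.get(port))
        if proto and proto not in disabled:
            return proto
    return "TCP"  # nothing claimed the segment, so it shows as plain TCP

def payload_hint(payload):
    """Guess the real protocol from the first payload bytes, or None."""
    if payload.startswith(b"SSH-"):
        return "SSH"
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "TLS"  # TLS handshake record header
    if payload.split(b" ", 1)[0] in HTTP_METHODS:
        return "HTTP"
    return None

def audit(segments, **options):
    """List segments whose port-derived label disagrees with the payload."""
    findings = []
    for sport, dport, payload in segments:
        label, hint = port_label(sport, dport, **options), payload_hint(payload)
        if hint and label not in ("TCP", hint):
            findings.append((sport, dport, label, hint))
    return findings

# Constructed sample segments: (source port, destination port, payload).
SAMPLE = [
    (49152, 3050, b"GET /status HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (49153, 3050, b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a"),
    (49154, 80, b"GET / HTTP/1.1\r\n\r\n"),
    (49155, 3050, b"\x00\x00\x00\x01\x00\x00\x00\x13"),  # opaque binary
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("port %d -> %d labelled %s, payload looks like %s" % finding)
```

A label of "IB" in this model says only that one endpoint used port 3050; the audit output is what indicates that another service is running on that port.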