Marshal V Langlois wrote:
It's actually on port 1352. In fact... SOME of the traffic in the
capture is represented simply as tcp without any specification as to
what it thinks it is.
Currently, the "conversation" code, which handles the "make everything
in the connection TDS" stuff, doesn't let a dissector specify that
everything *past a certain point* is a particular protocol. When the
packet summary list is constructed, only packets after the packet it
thinks looks like a TDS summary will be displayed as such, although if
you later click on earlier packets they'll be dissected as TDS.
I guess some Lotus Notes packet looked enough like a TDS packet for the
TDS dissector. Ethereal has no dissector for Lotus Notes, so it's not
going to recognize any Notes packets. If you can send us a capture, we
might be able to see why it apparently recognized a Notes packet as a
TDS packet, and might be able to fix it not to do so. (Making it
dissect Lotus Notes would require either a protocol specification for
Notes or a large amount of time and network traffic to reverse-engineer
the protocol - I have neither the time nor the network traffic to do so.)