Wireshark-bugs: [Wireshark-bugs] [Bug 9427] Dissector for T1 data-over-TCP protocol wanted

Date: Wed, 13 Nov 2013 20:08:39 +0000

changed bug 9427

What Removed Added
Status UNCONFIRMED INCOMPLETE
Summary T1 data in Ethernet payload has no dissector Dissector for T1 data-over-TCP protocol wanted
Ever confirmed   1

Comment # 1 on bug 9427 from
A quick look at the capture file shows that it contains:

    1) PPP-over-L2TP traffic with echo requests and replies, which is probably
not the traffic in question;

    2) TCP connections:

        10.134.72.183:60237 -> 10.134.150.3:23561
        10.134.72.183:60237 -> 10.134.150.3:53928
        10.134.72.183:60237 -> 10.134.150.3:25961
        10.134.72.183:60237 -> 10.134.150.3:64495

       which include FIX traffic, so they're probably not the Guisys traffic;

    3) TCP connections:

        10.134.72.178:60239 -> 10.134.150.3:41817

       which has what appears to be a combination of binary data and some ASCII
numbers, which is therefore *probably* not the Guisys traffic;

    4) TCP connections:

        10.134.72.179:60239 -> 10.134.150.1:3435

       which has a bunch of 3-byte TCP segments, all containing 0x00 0x03 0x02,
which is therefore *probably* not the Guisys traffic;

    5) TCP connections:

        10.134.72.130:60230 -> 10.134.150.1:3541
        10.134.72.194:60230 -> 10.134.150.1:3542

       which are not recognized by any dissector and contain data with no
obvious pattern, so at least one of them is probably the Guisys traffic.

Unfortunately, that's not sufficient to determine how to dissect it; you'll
need to provide us with a complete, detailed description of the format of the
data in the TCP stream in order for us to dissect it.


You are receiving this mail because:
  • You are watching all bug changes.