Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 12283] RPC traffic not recognized when port = 995

Wireshark-bugs: [Wireshark-bugs] [Bug 12283] RPC traffic not recognized when port = 995

Date: Thu, 24 Mar 2016 07:34:57 +0000

Comment # 6 on bug 12283 from Guy Harris

(In reply to Guy Harris from comment #3)
> (In reply to Guy Harris from comment #1)
> > Unless you've tried traffic for all ports from 1 to 1023, you cannot validly
> > conclude that this is a problem for all ports < 1024.  Have you done so?
> > 
> > In fact, port 995 is for POP-over-SSL.
> 
> And port 2443 is for Cisco's Skinny protocol atop SSL, so there's nothing
> limiting this to protocols under 1024, either.

And if I use bittwiste to change the NFS client port to 2443, Wireshark again
treats the RPC/NFS traffic as SSL.

If you set the TCP preference "Try heuristic sub-dissectors first" to true, it
recognizes the traffic in question as RPC.

However, it'd be better if there were a way to have the SSL dissector reject
traffic that's "obviously" not SSL; whether that's possible to do without
rejecting traffic that *is* SSL is another matter.  "Guessing protocols is
hard, let's go shopping!"

You are receiving this mail because:

You are watching all bug changes.

References:
- [Wireshark-bugs] [Bug 12283] New: RPC/NFS incorrectly decodes when port <1024
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 12283] RPC traffic not recognized when port = 995
Next by Date: [Wireshark-bugs] [Bug 12284] New: PRA Identifier of the IE PRA Action should use 3 octets (6 to 8) and not 2 in GTPv2
Previous by thread: [Wireshark-bugs] [Bug 12283] RPC traffic not recognized when port = 995
Next by thread: [Wireshark-bugs] [Bug 12283] RPC traffic not recognized when port = 995
Index(es):
- Date
- Thread