Wireshark-dev: Re: [Wireshark-dev] About transport name resolution with the new services file

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Richard van der Hoff <richardv@xxxxxxxxxxxxx>
Date: Sat, 18 Aug 2007 13:32:18 +0100 (BST)
On Sat, 18 Aug 2007, Francois-Xavier Le Bail wrote:


Hi List,

In version 0.99.6 we have, by example :
Source   Destination   Protocol Info
10.0.0.2 62.210.65.158 TCP      3946 > http [ACK] ...

In version 0.99.7-SVN-22549 we have :
Source   Destination   Protocol Info
10.0.0.2 62.210.65.158 TCP      backupedge > http
[ACK] ...

The resolution from the new services file from IANA is
not relevant in such cases with random source port.
Perhaps this new resolution scheme should be optional.
Perhaps it should just be more intelligent, and if one port is < 1024 and the other isn't, just resolve the one less than 1024?
On the other hand that doesn't solve the problem in the general case. I guess it would be nice to make a decision based on where the SYN comes from. 


--
Richard van der Hoff <richardv@xxxxxxxxxxxxx>
Systems Analyst
Tel: +44 (0) 845 666 7778
http://www.mxtelecom.com