Wireshark-dev: Re: [Wireshark-dev] Modifying port number for TFTP

From: Heude Pascal <pascalheude@xxxxxxxxxxx>
Date: Tue, 02 Jun 2009 21:28:09 +0200
The main drawback of this method is that wireshark refreshes the trace window and this could take a while, depending on the trace size and on your PC power.
I had the same request than Yvan, because I have a TFTP protocol based on port 59 (for call) and 50450-50460 ports for the rest of protocol. I came to the conclusion that I have to rebuild wireshark with changing the source packet-tftp.c (define UDP_PORT_TFTP from 69 to 59). Then for the other ports, it seems that the dissector adapts itself automatically, but I need to confirm it by testing because I am not very familiar with wireshark API.

Stig Bjørlykke a écrit :
On Tue, Jun 2, 2009 at 9:49 AM,  <yvanmmailbox-web@xxxxxxxx> wrote:
  
I need to dissect frames that use tftp protocol but not on the standard
port. Is it possible to modify it without compiling the whole Wireshark or
re-writing a plugin with the same code (I don't want to have a
compiled-specific version of Wireshark)?
    
You can select the package you want to be dissected as tftp, select
Analyse -> Decode As..., select the correct source/destination port
and select TFTP from the list.