Wireshark-dev: Re: [Wireshark-dev] Modifying port number for TFTP

From: Heude Pascal <pascalheude@xxxxxxxxxxx>
Date: Tue, 02 Jun 2009 23:11:49 +0200
I am working for a french aerospace company. This is in this context that the use of port 59 is used for TFTP call instead of 69.

I have read the comments you have inserted in the mail. But I have learnt from my business experience that sometimes there are discrepancies between comments and source code and when you want to know what a software is suposed to do you'd better look at the source code.

Stephen Fisher a écrit :
On Tue, Jun 02, 2009 at 09:28:09PM +0200, Heude Pascal wrote:

  
I had the same request than Yvan, because I have a TFTP protocol based 
on port 59 (for call) and 50450-50460 ports for the rest of protocol. 
    
What setup is TFTP going over port 59 in?  I see that the official IANA 
designation for port 59 is "any private file service."  Is it common in 
your experience to have TFTP on port 59 instead of its assigned port of 
69?

  
I came to the conclusion that I have to rebuild wireshark with 
changing the source packet-tftp.c (define UDP_PORT_TFTP from 69 to 
59). Then for the other ports, it seems that the dissector adapts 
itself automatically, but I need to confirm it by testing because I am 
not very familiar with wireshark API.
    
See this comment from the source code for the TFTP dissector to see how 
it finds TFTP traffic The "TFTP port" below is 69.  From 
epan/dissectors/packet-tftp.c:

/*
 * The first TFTP packet goes to the TFTP port; the second one
 * comes from some *other* port, but goes back to the same
 * IP address and port as the ones from which the first packet
 * came; all subsequent packets go between those two IP addresses
 * and ports.
 *
 * If this packet went to the TFTP port, we check to see if
 * there's already a conversation with one address/port pair
 * matching the source IP address and port of this packet,
 * the other address matching the destination IP address of this
 * packet, and any destination port.
 *
 * If not, we create one, with its address 1/port 1 pair being
 * the source address/port of this packet, its address 2 being
 * the destination address of this packet, and its port 2 being
 * wildcarded, and give it the TFTP dissector as a dissector.
 */


Steve

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe