Stephen Fisher <steve@...> writes:
> > In addition to Christopher Maynard's suggestions, the surest way to
> > fix it is to make both dissectors "new-style" so that they verify that
> > the traffic on the port they're registered on (3503) is the right
> > traffic they're expecting and kick it back to Wireshark so that
> > another dissector can be tried....
>
> I forgot to write:
>
> ... if it isn't the right protocol for that dissector
The problem I have with this is that 3503 is registered to MPLS Echo so that
dissector shouldn't have to be changed to essentially become a heuristic one to
accommodate this port-stealing protocol. It's essentially the same situation as
for bug 1946. (See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1946)
We ought to be able to rely on registered ports being reserved for data
applicable to the protocols intended to run atop those ports. Granted 3503 is
not a so-called "well-known" port, so it differs a little bit from the DNS
situation, but it's basically the same thing. If we accept this situation, then
potentially we have a lot of dissectors to convert to new-style, and that might
be a lot of work, depending on how extensive the heuristics get. And then you
can always run into the case when the heuristics fail anyway. (I say
potentially because I haven't tried to count how many dissectors would be
affected. I suspect a lot though.)