Wireshark-dev: Re: [Wireshark-dev] Unable to recognise DTLS packets

From: Hauke Mehrtens <hauke@xxxxxxxxxx>
Date: Wed, 12 Feb 2014 13:29:20 +0100
On 02/12/2014 01:02 PM, Tulika Bose wrote:
> Dear All,
>    I have come across a problem with the display filter of dtls.The
> version I am using is 1.10.4.I have some DTLS packets,where DTLS is used
> over CoAP,and they have been captured in a .pcapng file. But when I
> filter the packets using the string 'dtls',no packets get displayed.On
> the other hand,when the filter string used is 'coap' or 'udp', packets
> get displayed,because DTLS is using the same port as coap which is
> 5683.But the problem is that the wireshark cannot recognise the DTLS
> header,it parses the same as the CoAP header,although these are actually
> dtls packets.It would be very kind of you,if you help  me with the issue.
> 
> Thanks & Regards
> Tulika Bose

Port 5683 is the default CoAP port and then the CoAP dissector is used
by default. You can right click on the Package in wireshark and then
click on "Decode As..." and select DTLS to decode it was DTLS.

Wen you want to use DTLS with CoAP I would suggest you to use a nightly
build or a 11.X version of wireshark, there are some improvements in
wireshark regarding these two protocols.

Hauke