On 10/21/15 02:13, Michael wrote:
Hi everyone,
I just want to know if I misunderstood RFC 7348
(https://tools.ietf.org/html/rfc7348 ).
According to section 5 � VXLAN Frame Format, it seems just UDP.Dst-Port
must/should be 4789.
But I have checked the code:
[...]
204 dissector_add_uint("udp.port", UDP_PORT_VXLAN, vxlan_handle);
[...]
Should line 204 be updated to �udp.dport�?
Or I miss something I should know.
No, that wouldn't work because Wireshark doesn't have a "udp.dport"
dissector table.
The only subdissector table that Wireshark's UDP dissector provides is
named "udp.port". This is probably because most protocols involve
packets going to/from the same (hopefully/often IANA-registered if not
IANA-assigned) port. So packets going /to/ the well-known port are
acknowledged with packets going /from/ that same well-known port.
Having subdissectors registered for the port (rather than the
destination port) means Wireshark can decode those responses correctly too.