It is not currently. However, given that you are unlikely to see LWRES on your network (it was removed from BIND9 some time ago, and also only ever sent on the loopback interface), you can disable the LWRES dissector:
(There are also command line options to do this.)
As Chuck mentioned, however, if you use other low numbered ports that are actually IANA registered to another protocol, the same thing will happen with other dissectors.
Cheers,
John
Thanks for the clarification.
Could you please confirm whether this change (MR 23056) is expected to be included in the next Wireshark 4.6.3 release?
Thanks,
Kundan
lwres: Do not claim (unregistered) port 921
Wireshark sometimes assumes the lower (smaller) port number in a conversation is the server.
The change above should fix that for lwres but there may be other source ports lower than 4789 that will show the same behavior.
Hello Wireshark Dev Team,
I am sending valid VXLAN packets with UDP destination port 4789. When the UDP source port is an ephemeral (high-numbered) port, Wireshark decodes the packets correctly as VXLAN. However, when the UDP source port is 921 and the destination port is still 4789, the same packets are decoded as LWRES instead of VXLAN. Could you please help explain why this behavior occurs?
Thanks,
Kundan
Wireshark-dev mailing list -- wireshark-dev@xxxxxxxxxxxxx
To unsubscribe send an email to wireshark-dev-leave@xxxxxxxxxxxxx
Wireshark-dev mailing list -- wireshark-dev@xxxxxxxxxxxxx
To unsubscribe send an email to wireshark-dev-leave@xxxxxxxxxxxxx
Wireshark-dev mailing list -- wireshark-dev@xxxxxxxxxxxxx
To unsubscribe send an email to wireshark-dev-leave@xxxxxxxxxxxxx