On Oct 12, 2009, at 8:41 PM, Stephen Fisher wrote:
On Oct 12, 2009, at 9:28 PM, Rayne wrote:
I believe TCP port 3101 is a registered port for BlackBerry
Enterprise Server traffic. Any idea why the name shown for the port
in Wireshark is hp_pxpib (HP PolicyXpert PIB Server)?
It is officially registered to hp-pxpib. From the services file in
Wireshark (which is pulled from http://www.iana.org/assignments/port-numbers)
:
hp-pxpib 3101/tcp HP PolicyXpert PIB Server
hp-pxpib 3101/udp HP PolicyXpert PIB Server
# Brian O'Keefe <bokeefe&cnd.hp.com>
...and HP PolicyXpert appears to be a dead product:
http://support.openview.hp.com/encore/pxpert.jsp
but HP hasn't told the IANA to abandon that registration (or the IANA
hasn't gotten around to unregistering it, or they don't ever
unregister ports, or something - if that page is to be believed, it's
been about 5 years).
We could, I guess, have a script to selectively replace entries from
the IANA port number list (maybe even one that downloads the port-
numbers file using curl or wsget or whatever and then edits it) and
use that to override entries such as the one for port 3101 when we
update the services file for Wireshark. That will, of course, not
help tcpdump or any other program that looks up services with
getservent()/getservbyname()/getservbyport(), as those APIs use the
system services file or the network's NIS or whatever services
database (or whatever they use on Windows), not a private services
file....