Wireshark-users: [Wireshark-users] Mismatch between frame.protocols, _ws.col.Protocol, filter tag

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Marcin Nawrocki <marcin.nawrocki@xxxxxxxxxxxx>
Date: Mon, 4 Jun 2018 14:56:07 +0200

Hi list,


I stumbled upon a mismatch across fields indicating the protocol. Consider this extract of traces from the public MAWI WIDE archive (no payload): https://www.cloudshark.org/captures/c9752d3184ee



Case 1 [BVLC] Case 2 [HART_IP] Case 3 [enip]



frame.protocols contains "bvlc" is true frame.protocols contains "hart_ip" is true frame.protocols contains "enip" is true
_ws.col.Protocol shows UDP _ws.col.Protocol shows hart_ip _ws.col.Protocol shows ENIP
using display filter "bvlc" yields no results using display filter "hart_ip" yields no result using display filter "enip" yields results


Why do we see different behavior for case 1-3, how does it relate to the quality of the dissectors?


Cheers, Marcin