Ethereal-dev: Re: [ethereal-dev] ONC RPC is simply an heuristic dissector

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Mon, 17 Jul 2000 13:42:15 -0700 (PDT)

> On Sun, Jul 16, 2000 at 08:44:42PM -0700, Guy Harris wrote:
> My best example
> is source port 111 to dest port 53 (UDP) for a DNS lookup.  Ethereal thought
> it was a portmapper packet,

Really?  Ethereal does *NOT* know that port 111 is special; it cares
neither about ports 111 nor 2049 - instead, as it has to detect ONC RPC
packets by means other than port numbers *anyway*, it just uses the same
mechanism to detect portmapper/rpcbind and NFS packets, i.e.  heuristics
to see if the stuff at the beginning of the packet looks like an RPC
request for some protocol Ethereal knows about.

Do you have a capture where it somehow manages to misidentify a DNS
packet as being an ONC RPC packet for the portmapper?  If so, the RPC
detector may need to be tuned better.
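
The kind of port-independent check the message describes can be sketched as follows. This is an added example, not Ethereal's code and not part of the original message: the field layout is the standard ONC RPC call header, while the function name, the table of known programs and both sample payloads are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed table of "known" programs: portmapper/rpcbind (100000), NFS (100003). */
static const uint32_t known_progs[] = { 100000u, 100003u };

/* Read a big-endian (XDR) 32-bit word. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Return 1 if the payload starts like an ONC RPC call to a known program. */
int looks_like_rpc_call(const uint8_t *buf, size_t len) {
    size_t i;
    if (len < 24) return 0;            /* xid, msg_type, rpcvers, prog, vers, proc */
    if (be32(buf + 4) != 0) return 0;  /* msg_type must be CALL (0) */
    if (be32(buf + 8) != 2) return 0;  /* RPC protocol version must be 2 */
    for (i = 0; i < sizeof known_progs / sizeof known_progs[0]; i++)
        if (be32(buf + 12) == known_progs[i]) return 1;
    return 0;                          /* unknown program: do not claim it */
}

/* Constructed sample: portmapper call header (prog 100000, vers 2, proc 3). */
const uint8_t sample_portmap_call[24] = {
    0x12, 0x34, 0x56, 0x78,  0x00, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x02,
    0x00, 0x01, 0x86, 0xa0,  0x00, 0x00, 0x00, 0x02,  0x00, 0x00, 0x00, 0x03 };

/* Constructed sample: DNS query for example.com, type A, class IN.
   Read as RPC, QDCOUNT=1 and ANCOUNT=0 land in msg_type as 0x00010000. */
const uint8_t sample_dns_query[29] = {
    0xab, 0xcd, 0x01, 0x00,  0x00, 0x01, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00,
    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',  0x03, 'c', 'o', 'm', 0x00,
    0x00, 0x01, 0x00, 0x01 };

int main(void) {
    printf("portmap call: %d\n", looks_like_rpc_call(sample_portmap_call, 24));
    printf("dns query:    %d\n", looks_like_rpc_call(sample_dns_query, 29));
    return 0;
}
```

The port numbers never enter the decision, so the constructed DNS query is rejected on its bytes alone, whatever source port it was sent from.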