Wireshark-bugs: [Wireshark-bugs] [Bug 12283] RPC traffic not recognized when port = 995
Date: Thu, 24 Mar 2016 07:34:57 +0000

Comment # 6 on bug 12283 from
(In reply to Guy Harris from comment #3)
> (In reply to Guy Harris from comment #1)
> > Unless you've tried traffic for all ports from 1 to 1023, you cannot validly
> > conclude that this is a problem for all ports < 1024.  Have you done so?
> > 
> > In fact, port 995 is for POP-over-SSL.
> 
> And port 2443 is for Cisco's Skinny protocol atop SSL, so there's nothing
> limiting this to protocols under 1024, either.

And if I use bittwiste to change the NFS client port to 2443, Wireshark again
treats the RPC/NFS traffic as SSL.

If you set the TCP preference "Try heuristic sub-dissectors first" to true, it
recognizes the traffic in question as RPC.

However, it'd be better if there were a way to have the SSL dissector reject
traffic that's "obviously" not SSL; whether that's possible to do without
rejecting traffic that *is* SSL is another matter.  "Guessing protocols is
hard, let's go shopping!"


You are receiving this mail because:
  • You are watching all bug changes.