I would say this is a rather impossible question.
Your configuration is a relevant factor.
As is the actual packet data.
With neither of them available it is impossible to answer.
But in general disable not relevant protocols in the profile you use. I use
various profiles where I disable not relevant protocols for the tasks at hand.
Met vriendelijke groet / With kind regards,
Hugo van der Kooij
-----Original Message-----
From: Wireshark-users <wireshark-users-bounces@xxxxxxxxxxxxx> On Behalf Of
Yang Yu
Sent: vrijdag 28 december 2018 00:02
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] MPLS over UDP decoding
Hi,
In a packet capture of sFlow export packets, I noticed some sFlow samples were
decoded as MPLS over UDP. The sFlow sampled packet was actually just a UDP
VoIP packet with no dissector support.
What logic does Wireshark use to opportunistically consider UDP payload to be
MPLS? Thanks.
Flow sample
Raw Packet header
* Ethernet
* IP
* UDP
* MPLS label x 6
*
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fpweth.cw&c=E,1,jBOKE6kiEiJmXy1qZyhzs5EpbM6-kBmI9y-EZb-Y8lfUYXxNOZi6s-V8xTdcECfjF3A1yJpRMnpExwtUrCnb8kyXp7Lgh9f-UnEq9gYfDnLEWNOjOdHjV1ta&typo=1
* eth (data looks wrong because it is not an actual Ethernet header)
* data (unable to decode)
Yang
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.wireshark.org%2flists%2fwireshark-users&c=E,1,XplxBdY_nHHcLnaAEt8NPox4jTZLrQmf55QtuyCdb0n1t8WeiTrh3aMuXH6rQOkkE7-izAbtxWDucfhwjMV_kfPCacvXY133eeVHeUFFFogD&typo=1
Unsubscribe:
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.wireshark.org%2fmailman%2foptions%2fwireshark-users&c=E,1,fwnRbYvOnnbG85ZBcCRK6e0bSFhqdf7Ej4wx9-xZKzUmLp7_zMm_STzO-P_Vf8M0g6R9no0D0lV4truMqYHVWFny8VA9Ya4OgIxeIlHX0Uy4lqXq&typo=1
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
