Ethereal-dev: Re: [ethereal-dev] non-standard UDP ports for standard protocolls ???

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "Hannes R. Boehm" <hannes@xxxxxxxxx>
Date: Mon, 11 Jan 1999 19:06:16 +0100
On Mon, Jan 11, 1999 at 10:39:36AM -0600, Gilbert Ramirez Jr. wrote:
> Perhaps in dissect_udp() and dissect_tcp(), if the port is not hard-coded
> into ethereal, a lookup into /etc/services can be made. We would have to
> construct a table of port numbers and dissect-functions in ethereal.  I am
> assuming that you have your non-standard UDP port labelled in your local
> /etc/services file.
> 
> Using this approach, we could get rid of the hard-coded UDP ports in
> packet.h


The problem is that the ports are only listed in /etc/services on those
machines that use radius, and not on the ones which are using ethereal.

And: if i am sniffing packets I want to be informed by ethereal which
packets are passing by (-> if i have to find out myself which protocol
is within those "unknown" UDP packets, ethereal is less usefull)

(IMHO: hard-coded UDP ports dont cause problems for many UDP protocolls
       since most UDP protocolls use standardized ports (e.g. DNS)

  an other proposal:
   we could create a new config file/ preferences window which lets the
   user choose which protocol should be applied for which UDP port 
   (e.g. 
      tftp 69-100
      radius 1600-1700, 1800-1900, 1810
      (the standard config should be the one we have hardcoded in packet.h now.)
      -> to speed up the lookup process, maybe we could build up a btree ???
   )
   if the called dissect function determines, that the packet it is analyzing
   is not of the type it is expecting, it returns with an error code.
   This way, the calling function (dissect_udp) can call the next dissect function
   from a list.
)

Question: how many protocols 
a) dont have a standard udp port ?
b) dont use a standard udp port ?
c) must use their standard port ?

-> a complex solution must be justified by a larger amount of such protocols 

BTW: RADIUS does have standard ports (but it seems, that it is not 
     common practice to use those ports)

FYI: RADIUS used to use the port 1645 which caused conflicts with an other protocol
     (??? datametrics ???)
     now the port 1812 has been assigned to RADIUS
     RADIUS accounting should use 1813 but some older implementations still use
     1646.
     -> BUT: you are not forced to use a certain port -> you can choose it freely

Hannes


--
"The nice thing about standards is that there's so many to choose from." 
        -- Andrew S. Tanenbaum
!------------------------------------------------------------------!
  Hannes R. Boehm
        email   : hannes@xxxxxxxxx
        www     : http://hannes.boehm.org
        PGP-key : http://hannes.boehm.org/hannes-pgp.asc
!------------------------------------------------------------------!