On Tue, Jun 02, 2009 at 09:28:09PM +0200, Heude Pascal wrote:
> I had the same request than Yvan, because I have a TFTP protocol based
> on port 59 (for call) and 50450-50460 ports for the rest of protocol.
What setup is TFTP going over port 59 in? I see that the official IANA
designation for port 59 is "any private file service." Is it common in
your experience to have TFTP on port 59 instead of its assigned port of
69?
> I came to the conclusion that I have to rebuild wireshark with
> changing the source packet-tftp.c (define UDP_PORT_TFTP from 69 to
> 59). Then for the other ports, it seems that the dissector adapts
> itself automatically, but I need to confirm it by testing because I am
> not very familiar with wireshark API.
See this comment from the source code for the TFTP dissector to see how
it finds TFTP traffic The "TFTP port" below is 69. From
epan/dissectors/packet-tftp.c:
/*
* The first TFTP packet goes to the TFTP port; the second one
* comes from some *other* port, but goes back to the same
* IP address and port as the ones from which the first packet
* came; all subsequent packets go between those two IP addresses
* and ports.
*
* If this packet went to the TFTP port, we check to see if
* there's already a conversation with one address/port pair
* matching the source IP address and port of this packet,
* the other address matching the destination IP address of this
* packet, and any destination port.
*
* If not, we create one, with its address 1/port 1 pair being
* the source address/port of this packet, its address 2 being
* the destination address of this packet, and its port 2 being
* wildcarded, and give it the TFTP dissector as a dissector.
*/
Steve