Wireshark · Wireshark-dev: Re: [Wireshark-dev] Wonder should recognize VxLAN packet with UDP destination port number 4789 but n

Wireshark-dev: Re: [Wireshark-dev] Wonder should recognize VxLAN packet with UDP destination po

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>

Date: Thu, 22 Oct 2015 10:56:49 -0400

On 10/21/15 02:13, Michael wrote:

Hi everyone,

I just want to know if I misunderstood RFC 7348
(https://tools.ietf.org/html/rfc7348 ).

According to section 5 – VXLAN Frame Format, it seems just UDP.Dst-Port
must/should be 4789.

But I have checked the code:

[...]

204       dissector_add_uint("udp.port", UDP_PORT_VXLAN, vxlan_handle);

[...]

Should line 204 be updated to “udp.dport”?

Or I miss something I should know.

No, that wouldn't work because Wireshark doesn't have a "udp.dport"dissector table.

The only subdissector table that Wireshark's UDP dissector provides isnamed "udp.port". This is probably because most protocols involvepackets going to/from the same (hopefully/often IANA-registered if notIANA-assigned) port. So packets going /to/ the well-known port areacknowledged with packets going /from/ that same well-known port.Having subdissectors registered for the port (rather than thedestination port) means Wireshark can decode those responses correctly too.

References:
- [Wireshark-dev] Wonder should recognize VxLAN packet with UDP destination port number 4789 but not source port.
  - From: Michael

Prev by Date: Re: [Wireshark-dev] Wonder should recognize VxLAN packet with UDP destination port number 4789 but not source port.
Next by Date: [Wireshark-dev] Usb dissectors, usb.protocol is always 0x000000
Previous by thread: Re: [Wireshark-dev] Wonder should recognize VxLAN packet with UDP destination port number 4789 but not source port.
Next by thread: [Wireshark-dev] GTP session plugin
Index(es):
- Date
- Thread