how does wireshark identify DNS traffic when it also uses a Radius port in UDP port? And how can I tell? -

-

my program doing packet analysis. have problem around dns/radius. dns uses udp port 53 radius uses udp port 1645/1646/1812/1813

logic if see 53 dns packet; if see 1812... radius packets. problem comes, dns packets use radius ports e.g. udp port src 53/dst 1812 or vice verse. program cannot handle this.

but wireshark doesn't confused, wondering how capable of knowing true protocol. attempt decode payload? , tell? or underline libpcap or has ability tell true protocol type. if take use code libpcap, libpcap provide functionality of telling carrying protocols?

can please help? googled while got no results yet.

thanks kang

wireshark uses various techniques identify protocols. dns , radius, based on port number. code looks numerically lower port number first and, if doesn't find dissector port number, looks numerically higher port number, packet going between ports 53 , 1812 identified dns rather radius because 53, port dns, numerically lower 1812, port radius.

if there happened radius traffic between ports 1812 , 53, wireshark would confused.

the way work around have dns dissector try @ packet data , guess whether it's dns or have radius dissector try @ packet , guess whether it's radius and, if it's not packet dissector, return "this isn't me" indication dissector can tried.

there no magic solution guaranteed correctly identify protocols running on tcp or udp. there heuristics based on port numbers , packet contents; may right answer 99 44/100% of time, there still 56/100% of time when doesn't work , you'll have intervene manually (for example, using "decode as..." mechanism in wireshark, or -d command-line equivalent in tshark).

and, no, steffen ullrich indicated, libpcap doesn't you; different applications using libpcap (tcpdump, wireshark, etc.) may differently.


Comments

Post a Comment

Popular posts from this blog

java - Static nested class instance -

-
this question has answer here: java inner class , static nested class 23 answers i came across in java, know static nested class why create instance of 'static'. isn't whole idea of 'static' use without instance? understand concept of inner classes, why (and frankly how possible to) create 'instance' of 'static' member @ ? why this: 1- outerclass.staticnestedclass nestedobject = new outerclass.staticnestedclass(); 2- nestedobject.anestedclassmethod(); and not this: 1- outerclass outerinstance=new outerclass(); 2- outerinstance.staticnestedclass.anestedclassmethod(); use on inner classes, keyword static indicates can access inner class without instance of outer class. for example: public class outer { public static class inner { /* code here. */ } } with construction, can create instance of inn
Read more

c# - Bluetooth LE CanUpdate Characteristic property -

-
i building xamarin.forms cross platform mobile app, uses monkey.robotics bluetoth low energy functionality. connecting mbed based implimentation of custom gatt service . in xamarin c#, triggers characteristic. canupdate property in monkey.robotics? this standard example c# based on: if (characteristic.canupdate) { characteristic.valueupdated += (s, e) => { debug.writeline("characteristic.valueupdated"); device.begininvokeonmainthread( () => { updatedisplay(characteristic); }); isbusy = false; // spin until first result received }; isbusy = true; characteristic.startupdates(); } this has been working, since changed own custom gatt service connecting to, canupdate property false. property , how triggered? me debugging gatt service code. thanks monkey.robotics open sour
Read more

JavaScript - Replace variable from string in all occurrences -

-
ok, know if have character '-' , want remove in places in string javascript, ... someword = someword.replace(/-/g, ''); but, when applying array of characters, s not working ... const badchars = ('\/:*?"<>|').split(''); let filename = title.replace(/ /g, '-').tolocalelowercase(); (let item = 0; item < badchars.length; item++) { // below not work global '/ /g' filename = filename.replace(/badchars[item]/g, ''); } any ideas? /badchars[item]/g looks badchars , literally, followed i , t , e , or m . if you're trying use character badchars[item] , you'll need use regexp constructor, , you'll need escape regex-specific characters. escaping regular expression has been well-covered . using that: filename = filename.replace(new regexp(regexp.quote(badchars[item]), 'g'), ''); but , don't want that. want character class: let filename = title.replac
Read more