tcpdump mailing list archives
Re: patch to support floating port number for tftp
From: Guy Harris <gharris () sonic net>
Date: Fri, 9 May 2003 19:32:09 -0700
On Fri, May 09, 2003 at 02:23:35PM +0900, Motonori Shindo wrote:
Attached is a patch to better handle floating port number for tftp. tftp uses 69/udp as the destination port for the first packet (RRQ, WRQ), but arbitrary port number will be used for the subsequent packets. This patch adds keyword "tftp" as a -T option to enforce the interpretation as such.
The way Ethereal handles that is that it:
1) recognizes packets sent to port 69 as TFTP packets;
2) for those packets, remembers the IP addresses and the
*source* port number, and arranges that all subsequent
packets from the client (from the client's IP address and
source port number, and to the server's IP address) and from
the server (from the server's IP address, and to the client's
IP address and source port number) be dissected as TFTP as
well.
Should tcpdump do the same?
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- patch to support floating port number for tftp Motonori Shindo (May 08)
- Re: patch to support floating port number for tftp Guy Harris (May 09)
- Re: patch to support floating port number for tftp Motonori Shindo (May 09)
- Re: patch to support floating port number for tftp Guy Harris (May 10)
- Re: patch to support floating port number for tftp Motonori Shindo (May 09)
- Re: patch to support floating port number for tftp Guy Harris (May 10)
- Re: patch to support floating port number for tftp Guy Harris (May 09)