Wireshark mailing list archives

Re: Transport name resolution considered harmful?


From: Stephen Fisher <steve () stephen-fisher com>
Date: Mon, 23 Apr 2012 12:11:53 -0600


---- On Mon, 23 Apr 2012 11:56:52 -0600 Gerald Combs wrote ----

It seems like the "services" file has effectively become "a list of
things not running on the network". This is especially true for OSes
that use the old-style (1024 - 4999) ephemeral port range. Is there any
reason we shouldn't disable transport name resolution by default for the
1.8 release?

It still has useful matches including, but not limited to:

  ssh (22)
  domain (53)
  http (80)
  microsoft-ds (445)
  router (520) <- (I know, scary RIP...)

The strange protocols, like the one in your example on the ask site, may have become more of an issue since we imported the
entire IANA services file a while back.  Maybe we need to trim it back down to common protocols.  Interestingly, the
Wireshark services file shows port 3389 as belonging to "ms-wbt-server" whereas the FreeBSD 9.0-REL one shows it as the
better known name "rdp".  Wireshark's services has port 5900 belonging to "rfb", which is the protocol name for VNC
(remote frame buffer), even though most people know it as VNC.  FreeBSD's services doesn't have an entry for 5900.






___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
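
Added example (not part of the original message and not Wireshark code): a small services-file resolver showing how a port-to-name lookup labels a client-side port from the old 1024 - 4999 ephemeral range with a service name. The services excerpt and the flows are constructed; the names are the ones listed in the message, and the function names are hypothetical.

```python
# Added illustration; not Wireshark code. All sample data below is constructed.
OLD_EPHEMERAL = range(1024, 5000)  # old-style ephemeral range named in the thread

# Constructed services-format excerpt using only entries the message mentions.
SERVICES_TEXT = """\
ssh             22/tcp
domain          53/tcp
domain          53/udp
http            80/tcp
microsoft-ds    445/tcp
router          520/udp    # RIP
ms-wbt-server   3389/tcp   # "rdp" in the FreeBSD 9.0-REL file
rfb             5900/tcp   # VNC
"""

def parse_services(text):
    """Return {(port, proto): name} from services-file text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue  # blank, comment-only, or malformed line
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            table.setdefault((int(port), proto.lower()), fields[0])
    return table

def resolve(table, port, proto):
    """Return (label, ambiguous). ambiguous is True when a name matched but the
    port lies in the old ephemeral range, so it may only be a client-side port."""
    name = table.get((port, proto))
    if name is None:
        return str(port), False
    return name, port in OLD_EPHEMERAL

def label_flow(table, proto, sport, dport):
    """Label both ends of a flow the way a port-name resolver would."""
    return resolve(table, sport, proto), resolve(table, dport, proto)

if __name__ == "__main__":
    table = parse_services(SERVICES_TEXT)
    # Constructed flows: (proto, source port, destination port)
    for flow in [("tcp", 3389, 80), ("tcp", 49152, 22), ("tcp", 51000, 3389)]:
        (src, s_amb), (dst, d_amb) = label_flow(table, *flow)
        note = "  <- name may be an ephemeral port" if s_amb or d_amb else ""
        print(f"{flow}: {src} -> {dst}{note}")
```

The first flow is an HTTP client that happened to pick source port 3389 and is shown as "ms-wbt-server -> http"; the third is flagged as well, because the port number alone cannot distinguish a real listener from a client-side port.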

