Wireshark mailing list archives

Re: Transport name resolution


From: Guy Harris <guy () alum mit edu>
Date: Mon, 16 Sep 2013 13:04:19 -0700


On Sep 16, 2013, at 12:44 PM, Anders Broman <a.broman () bredband net> wrote:

> I got rid of getservbyport() and added reading of the local services file; perhaps the read should be removed again?

"Local services file" as in "/etc/services" on UN*X and its equivalent on Windows 
(C:\winnt\system32\drivers\etc\services?), or "local services file" as in "the services file that's distributed as part 
of Wireshark"?  We should continue to use the latter; the aforementioned "modifications for local use" could be made to 
that file as well.

> I'm also wondering if service name resolution should be defaulted to off; I'm not convinced it's that useful.

Using the IANA port list is the reason why we get people asking why, for example, they're seeing "dssiapi" traffic on 
their network, just because something happens to be using port 1265.  (I picked that example somewhat at random, but we 
*do* get that asked at times.)

Should we, instead, look the port number up in the "tcp.port" or "udp.port" (or "sctp.port") dissector table and, if it 
finds a dissector handle, look up the short name of the protocol for that dissector handle and use that?  That means 
that:

        1) we're using the name Wireshark uses elsewhere for the protocol (e.g., "DNS" rather than "domain");

        2) if we don't have a dissector registered for that port, we don't show a protocol name (which is arguably a 
feature rather than a bug, as the traffic isn't necessarily for the protocol linked with the port number given in the 
IANA list, and this means that if we're not going to dissect the traffic as that protocol we're probably not going to 
claim it's that protocol, which I see as a Good Thing).

> If we decide to have it default off, perhaps we shouldn't default to write
>         User Datagram Protocol, Src Port: 60000 (60000), Dst Port: 13868 (13868)
> but rather
>         User Datagram Protocol, Src Port: 60000, Dst Port: 13868

Yes, and the same applies for network addresses, if we're not already doing that.

(Also, should it be

        User Datagram Protocol, Src Port: 60000, Dst Port: DNS (53)

rather than

        User Datagram Protocol, Src Port: 60000, Dst Port: 53 (DNS)

I could see arguments in both directions.)

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
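
Added example (not part of the original message and not Wireshark code): a small C model contrasting the two labelling strategies discussed above, a services-file lookup versus a lookup in the "udp.port" dissector table. Both tables, the struct and the function names are hypothetical, the sample entries are constructed, and the `name (port)` ordering is just one of the two orderings the message mentions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data; neither table is copied from Wireshark. */
struct port_name { unsigned port; const char *name; };
/* Hypothetical stand-in for an IANA-style services file. */
static const struct port_name services[] = {
    { 53, "domain" }, { 1265, "dssiapi" }, { 0, NULL } };
/* Hypothetical stand-in for the "udp.port" dissector table (short names). */
static const struct port_name udp_dissectors[] = { { 53, "DNS" }, { 0, NULL } };

static const char *lookup(const struct port_name *t, unsigned port)
{
    for (; t->name != NULL; t++)
        if (t->port == port)
            return t->name;
    return NULL;   /* no entry: caller shows the bare number */
}

/* "name (port)" if resolving and the table has an entry, else the number. */
const char *port_label(const struct port_name *table, int resolve,
                       unsigned port, char *buf, size_t len)
{
    const char *name = resolve ? lookup(table, port) : NULL;
    if (name != NULL)
        snprintf(buf, len, "%s (%u)", name, port);
    else
        snprintf(buf, len, "%u", port);
    return buf;
}

/* Summary line in the shape quoted in the thread. */
const char *udp_summary(const struct port_name *table, int resolve,
                        unsigned sport, unsigned dport, char *buf, size_t len)
{
    char s[32], d[32];
    snprintf(buf, len, "User Datagram Protocol, Src Port: %s, Dst Port: %s",
             port_label(table, resolve, sport, s, sizeof s),
             port_label(table, resolve, dport, d, sizeof d));
    return buf;
}

int main(void)
{
    char b[128];
    puts(udp_summary(services, 1, 60000, 1265, b, sizeof b));
    puts(udp_summary(udp_dissectors, 1, 60000, 1265, b, sizeof b));
    return 0;
}
```

With the services table, port 1265 is labelled "dssiapi" whatever the traffic actually is; with the dissector table it stays a bare number because nothing would dissect it as that protocol.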

