Wireshark mailing list archives

MPLS over UDP decoding

From: Yang Yu <yang.yu.list () gmail com>
Date: Thu, 27 Dec 2018 15:01:42 -0800

Hi,

In a packet capture of sFlow export packets, I noticed some sFlow
samples were decoded as MPLS over UDP. The sFlow sampled packet was
actually just a UDP VoIP packet with no dissector support.

What logic does Wireshark use to opportunistically consider UDP
payload to be MPLS? Thanks.

Flow sample
Raw Packet header
  * Ethernet
  * IP
  * UDP
  * MPLS label x 6
  * pweth.cw
  * eth (data looks wrong because it is not an actual Ethernet header)
  * data (unable to decode)


Yang
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

MPLS over UDP decoding Yang Yu (Dec 27)
- Re: MPLS over UDP decoding Hugo van der Kooij (Dec 27)
- Re: MPLS over UDP decoding Guy Harris (Dec 28)
  - Re: MPLS over UDP decoding Yang Yu (Dec 28)
    - Re: MPLS over UDP decoding Guy Harris (Dec 28)