Reputation: 457
Wireshark mis-interprets my UDP (port 5000) message as TAPA protocol
I'm writing a UDP send program which will send data to 127.0.0.1, port 5000.
When I use Wireshark to sniff my data packet, it interprets the protocol as TAPA protocol, which is unexpected. What I was expecting is that Wireshark treats the data packet as a general UDP data packet and display the payload data, not to parse it as a TAPA datagram.
Expected Wireshark result:
Unexpected Wireshark result:
Upvotes: 0
Views: 743
Answers (1)
Reputation: 211710
Wireshark, like many dumping tools, will attempt to interpret the data it receives using a number of fingerprinting strategies.
If your data looks sufficiently like that protocol, or shares a port that's commonly used for that sort of traffic, it may be inadvertently tagged as such.
Port 5000 is quite a non-random number to use. Why not something else?
Upvotes: 1
Related Questions
- Detecting UDP vs. non-UDP packets in PCAP
- Sending a UDP with scapy shows malformed in wireshark
- Why UDP packet is recognized as LLC protocol?
- Monitoring UDP data on wireshark shows ARP packet
- Strange Wireshark behaviour (A single packet labeled both TCP and UDP)
- Unable to capture a UDP protocol packet with Wireshark by visiting any website
- Python sends malformed UDP Packets
- Why I can't capture UDP packets sent by my Java application with wireshark?
- UDP Packet not captured by Wireshark, but is captured by UDP application
- UDP packages appear in wireshark, but are not received by program