Does anyone know how to load the latest DIS PDU updates in order for Wireshark to be able to filter on DIS PDUs being transmitted over the network? It would have to be compatible with 64-bit Windows 7. I'm new to this system and my protocol preferences state that DIS is available, but I wasn't sure if I need to download additional code for DIS PDUs as well to make this work. The version of Wireshark that I have is vers. 1.4.5 asked 19 Apr '11, 07:43  native020 edited 08 May '11, 18:28  cmaynard ♦♦ |
2 Answers:
The Distributed Interactive Simulation (DIS) dissector has been included with Wireshark since July 11, 2005. As long as the DIS traffic is being transported over UDP/3000, you don't have to do anything special to get DIS PDU's to be dissected. If it's being transported over another port, then just change the port preference via Edit -> Preferences -> Protocols -> DIS -> DIS UDP Port. By the way, if you're still using 1.4.5, you should upgrade to 1.4.6 immediately due to bug 5837. answered 08 May '11, 18:41 cmaynard ♦♦ |
This feature amounts to a bug with Aastra IP phones: They send RTP data on port 3000, and wireshark interprets it as DIS. To get Wireshark to recognize RTP stream of this kind as RTP, I had to set the preference above to something other than 3000 (I used 0). After that, the datastream was correctly interpreted as RTP by wireshark. Reference: http://www.pbxinaflash.com/community/index.php?threads/dis-pdu-types.8521 answered 20 Apr '12, 07:41  Stephen J Al... |
