Hi everybody, I'm just starting out with Wireshark and ran a test capture on one of our servers. The expert infos showed a lot of errors, mostly malformed packets. I filtered out some packets and was hoping someone can explain what's actually going on here. The source addresses are NEC Dect AP's on our network. We're not experiencing noticable issues, but I would still like to know if this is normal behaviour (think not) or if I need to further investigate this. Thanks in advance! asked 11 Dec '15, 15:09  schapie1978 |
One Answer:
That is just the DECT AP's communication with each other on the network. They use Multicast to discover each other, hence why you are seeing the traffic at your server. It seems that they use a proprietary protocol, and Wireshark makes a guess as to the protocol...in this instance DIS, since it uses UDP port 3000 which is IANA registered. answered 11 Dec '15, 17:16  Rooster_50 |
