This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Configuring DICOM Protocol within 2.0.x

Configuring new version of Wireshark for DICOM protocol differs from previous versions. In prior versions there was either all TCP ports or Heuristic mode box that could be checked. 2.0.x does not contain a configuration item like that, there is a single line for PORT. Are there wildcard characters or a port range that needs to be entered to achieve the same result as heuristic mode?

dicom

asked 31 Dec '15, 12:33

BPOWELL
6●1●1●2
accept rate: 0%

edited 31 Dec '15, 15:19

Guy Harris ♦♦
17.4k●3●35●196

Selecting Analyze--Enabled Protocols--DICOM---DICOM over TCP has no effect on the display of packets.

(04 Jan '16, 07:04) BPOWELL

One Answer:

For DICOM, 2.0.x has:

a port range preference, "DICOM Ports range";
a heuristic dissector, disabled by default, which can be enabled in the "Enabled protocols" dialog from Analyze -> Enabled protocols - search for "dicom" and check the box next to "DICOM over TCP".

answered 31 Dec '15, 15:18

Guy Harris ♦♦
17.4k●3●35●196
accept rate: 19%

Selecting Analyze--Enabled Protocols--DICOM---DICOM over TCP has no effect on the display of packets.

(04 Jan '16, 07:06) BPOWELL

This is working fine with the DICOM capture found in https://bugs.wireshark.org/bugzilla/attachment.cgi?id=1819 or https://bugs.wireshark.org/bugzilla/attachment.cgi?id=10032 for example

Could you provide your capture file?

(04 Jan '16, 09:47) Pascal Quantin

Thank you for the feedback, my guess is some of the residual settings from the prior version may have been causing my issue. I performed an uninstall and removed everything. Installing from scratch, making the protocol change and then applying the coloring rules I have seems to have corrected my problem. I seem to be able to now consistently open captures and have them decoded as I would expect.

(05 Jan '16, 09:15) BPOWELL