I write an application to dump "0123456789" as payload of TCP to a PCAP file. (based on https://github.com/shadow/shadow/blob/master/src/support/shd-pcap-writer.c). After loading the generated PCAP with wireshark, it shows the payload as telnet data. Question> How to fix the problem so that the payload is shown as Data instead of telnet. Thank you
For example, A correctly display payload is as follows:
asked 05 May '17, 12:28  q0987 edited 05 May '17, 12:29 |
2 Answers:
Wireshark displays the payload as Telnet because the well-known TCP port for Telnet is port 23. See also RFC854, IANA's Service Name and Transport Protocol Port Number Registry, and Wireshark's Telnet dissector source code, where it registers on that port. Basically, don't use port 23. answered 05 May '17, 12:45  cmaynard ♦♦ |
Your connection is using the TCP port 23. Therefore the data gets dissected as Telnet. To work around this, go to 'Analyze' -> 'Enable Protocols' -> search for 'TELNET' and disable it. answered 05 May '17, 12:44  Uli |
