This is our old Q&A Site. Please post any new questions and answers at

I write an application to dump "0123456789" as payload of TCP to a PCAP file. (based on

After loading the generated PCAP with Wireshark, it shows the payload as telnet data.

Question> How to fix the problem so that the payload is shown as Data instead of telnet. Thank you


For example, a correctly displayed payload is as follows:


asked 05 May '17, 12:28

q0987

accept rate: 0%

edited 05 May '17, 12:29

Wireshark displays the payload as Telnet because the well-known TCP port for Telnet is port 23.

See also RFC854, IANA's Service Name and Transport Protocol Port Number Registry, and Wireshark's Telnet dissector source code, where it registers on that port.

Basically, don't use port 23.


answered 05 May '17, 12:45


cmaynard ♦♦
accept rate: 20%

Your connection is using the TCP port 23. Therefore the data gets dissected as Telnet.

To work around this, go to 'Analyze' -> 'Enable Protocols' -> search for 'TELNET' and disable it.


answered 05 May '17, 12:44

Uli

accept rate: 29%
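The port dependence both answers describe, as an added example (not code from the question or from Wireshark): a minimal PCAP writer for the "0123456789" payload in which only the TCP ports change. The addresses, MACs, port numbers 50000/50001, output file names and the `dissector_hint` helper are constructed for illustration; Wireshark's port lookup considers both the source and the destination port.

```python
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over data (padded to an even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

SRC, DST = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])  # constructed addresses

def build_frame(payload: bytes, sport: int, dport: int) -> bytes:
    """Ethernet + IPv4 + TCP (PSH|ACK) frame carrying payload."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    pseudo = SRC + DST + struct.pack("!BBH", 0, 6, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     1, 0, 64, 6, 0, SRC, DST)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    return eth + ip + tcp + payload

def build_pcap(frames) -> bytes:
    """Classic pcap file: 24-byte global header (Ethernet link type) + records."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def tcp_ports(frame: bytes):
    """Parse (source port, destination port) back out of a frame."""
    off = 14 + (frame[14] & 0x0F) * 4
    return struct.unpack("!HH", frame[off:off + 4])

def dissector_hint(frame: bytes) -> str:
    """Hypothetical helper: what a port-23 registration implies for this frame."""
    return "telnet" if 23 in tcp_ports(frame) else "data"

if __name__ == "__main__":
    for name, dport in (("port23.pcap", 23), ("port50001.pcap", 50001)):
        frame = build_frame(b"0123456789", 50000, dport)
        with open(name, "wb") as fh:
            fh.write(build_pcap([frame]))
        print(name, tcp_ports(frame), dissector_hint(frame))
```

Opening the two files side by side shows the same ten payload bytes labelled Telnet in one and Data in the other.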

question asked: 05 May '17, 12:28

question was seen: 1,415 times

last updated: 05 May '17, 12:45
