Can somebody tell me how to avoid, in the info column, the display of source port and destination port? I'm checking megaco traces and it is not easy to follow the call due to this not necesary info in the info column: Source port: h248-binary Destination port: megaco-h248 This question is marked "community wiki". asked 21 Nov '11, 09:33 rubik001 |
One Answer:
I infer from your comment (converted to a comment - it doesn't answer your question, so it should be a comment, not an answer; this is a Q&A site, not a forum, as the first item in the FAQ for the site says) that Wireshark is dissecting the packets as MEGACO. If so, that means that this is a problem with the MEGACO dissector, NOT with the UDP dissector; the UDP dissector is doing what it should do when it adds that information to the Info column, because that means that if the UDP dissector doesn't find a subdissector to dissect the payload the Info column indicates what's in the UDP header, but the MEGACO dissector is NOT doing what it should do when it appends to the Info column rather than overwriting it. Please file a bug in the Wireshark Bugzilla against the MEGACO dissector as per grahamb's comment. answered 22 Nov '11, 09:15 Guy Harris ♦♦ |
Have you checked if any of the protocol preferences influence output to the info column? Is the output to the info column important to your analysis? If not, you could just hide the column.
Is Wireshark actually dissecting the packet as MEGACO? Those are put into the Info column by the UDP dissector (there's no option to disable that), but, if Wireshark is dissecting the packets as MEGACO packets, the MEGACO dissector should replace the Info column with its own information, overwriting that information. If it's not doing so, that's a bug.
The output info is important for analysis, having this info it is more simple to analyse the traces, you can see the message type, transaction and context numbers. When the "source and destination port" info is added, the indicated info is shifted to the rigth out of the screen. The packets are correctly displayed in the packet Details windows. And it is interesting not all the packets are showed in the "info column" with "source and destination port" info. Due to this "feature" I have to unistall the 1.6.x release and back to release 1.4.10. If this is a bug, how to report it to the developers?
The best bet would be to raise an issue on the Wireshark Bugzilla, adding a capture illustrating the issue. You can mark the attachment private if you don't want it to be publicly visible.
You should also check for an existing bug report first, and add a comment (and capture) to that if you find one.