This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can somebody tell me how to avoid, in the info column, the display of source port and destination port? I'm checking megaco traces and it is not easy to follow the call due to this not necesary info in the info column: Source port: h248-binary Destination port: megaco-h248
or Source port: h248-binary Destination port: megaco-h248 I noticed this behaviour starting from release 1.6.0

This question is marked "community wiki".

asked 21 Nov '11, 09:33

rubik001's gravatar image

rubik001
1223
accept rate: 0%

Have you checked if any of the protocol preferences influence output to the info column? Is the output to the info column important to your analysis? If not, you could just hide the column.

(21 Nov '11, 09:42) multipleinte...

Is Wireshark actually dissecting the packet as MEGACO? Those are put into the Info column by the UDP dissector (there's no option to disable that), but, if Wireshark is dissecting the packets as MEGACO packets, the MEGACO dissector should replace the Info column with its own information, overwriting that information. If it's not doing so, that's a bug.

(21 Nov '11, 12:15) Guy Harris ♦♦

The output info is important for analysis, having this info it is more simple to analyse the traces, you can see the message type, transaction and context numbers. When the "source and destination port" info is added, the indicated info is shifted to the rigth out of the screen. The packets are correctly displayed in the packet Details windows. And it is interesting not all the packets are showed in the "info column" with "source and destination port" info. Due to this "feature" I have to unistall the 1.6.x release and back to release 1.4.10. If this is a bug, how to report it to the developers?

(22 Nov '11, 02:12) rubik001

The best bet would be to raise an issue on the Wireshark Bugzilla, adding a capture illustrating the issue. You can mark the attachment private if you don't want it to be publicly visible.

You should also check for an existing bug report first, and add a comment (and capture) to that if you find one.

(22 Nov '11, 02:23) grahamb ♦

I infer from your comment (converted to a comment - it doesn't answer your question, so it should be a comment, not an answer; this is a Q&A site, not a forum, as the first item in the FAQ for the site says) that Wireshark is dissecting the packets as MEGACO.

If so, that means that this is a problem with the MEGACO dissector, NOT with the UDP dissector; the UDP dissector is doing what it should do when it adds that information to the Info column, because that means that if the UDP dissector doesn't find a subdissector to dissect the payload the Info column indicates what's in the UDP header, but the MEGACO dissector is NOT doing what it should do when it appends to the Info column rather than overwriting it.

Please file a bug in the Wireshark Bugzilla against the MEGACO dissector as per grahamb's comment.

permanent link

answered 22 Nov '11, 09:15

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×33
×29

question asked: 21 Nov '11, 09:33

question was seen: 9,801 times

last updated: 24 Jul '12, 22:09

p​o​w​e​r​e​d by O​S​Q​A