This is our old Q&A Site. Please post any new questions and answers at


I was trying to send some data in TCP\IP protocol, and Wireshark has defined it as IPA protocol. The data was in there, but also some kind of unknown info at the start of the monitored data, data which I don't know and didn't try to send...

did anybody heard about this phenomenon ?



asked 27 Feb '12, 03:25

kobi1209's gravatar image

accept rate: 0%

edited 27 Feb '12, 04:19

Jaap's gravatar image

Jaap ♦

"IPA" is the ip.access "GSM over IP" protocol. That protocol apparently uses ports 3002, 3003, 3006, 4249, 4250, and 5000 over TCP. The ip.access dissector doesn't check whether the packets handed to it look like ip.access packets, so traffic that's not ip.access traffic but that's to or from one of those ports might be incorrectly dissected as ip.access traffic.

This problem is difficult if not impossible to solve in general; neither TCP nor UDP have a "protocol identifier" field to definitively identify the protocol being transported over TCP or UDP, they just have port numbers that, along with the IP host addresses, uniquely specify the communications endpoints. A given port is not guaranteed to carry only traffic for a particular protocol.

In your case, you could try disabling the ip.access dissector, or changing its TCP port number preference to an empty string or a string that doesn't mention the TCP port you're using.

permanent link

answered 27 Feb '12, 13:27

Guy%20Harris's gravatar image

Guy Harris ♦♦
accept rate: 19%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 27 Feb '12, 03:25

question was seen: 32,989 times

last updated: 27 Feb '12, 13:27

p​o​w​e​r​e​d by O​S​Q​A