While capturing a multicast video feed on port 9000, I noticed Wireshark was identifying the content of the UDP packets as PCLI (Packet Cable Lawful Intercept) containing another IP datagram.
Has anyone seen this issue before?
Disabling the PCLI dissector fixes this.
asked 15 Mar '12, 07:56
edited 15 Mar '12, 08:46
The PCLI dissector is registered to decode anything on UDP Port 9000. There are no heuristics in the dissector to check if the packet is indeed PCLI, nor does it seem to be an IANA allocated port.
Disabling the dissector is the correct approach if your traffic isn't PCLI.
answered 15 Mar '12, 08:26