On Apr 23, 2012, at 10:56 AM, Gerald Combs wrote: > Wireshark has transport name resolution enabled by default. > Unfortunately protocol numbers often get mapped to the wrong name, which > can lead to confusion: > > https://ask.wireshark.org/questions/10380/what-is-commplex-main > > It seems like the "services" file has effectively become "a list of > things not running on the network".
As in "a list of obscure old protocols that nobody remembers any more". :-) > This is especially true for OSes > that use the old-style (1024 - 4999) ephemeral port range. Is there any > reason we shouldn't disable transport name resolution by default for the > 1.8 release? Sounds good to me. It'd be interesting to see how many dissectors for stuff running atop TCP or UDP are old-fashioned dissectors registering for hardwired port numbers and how many either 1) have a port number/numbers preference; 2) are new-style dissectors that can say "this might be for the port that's nominally mine, but it's not me"; 3) are heuristic dissectors; and how often "Decode As..." is used to override whatever decision Wireshark makes. In the early days of TCP/IP, port numbers might have been useful protocol indicators; over time they've become less useful. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe