[prev in list] [next in list] [prev in thread] [next in thread]
List: wireshark-users
Subject: Re: [Wireshark-users] TCP Name Resolution for Well Know Ports Only
From: Julian Fielding <jfielding () ra ! rockwell ! com>
Date: 2009-02-26 18:46:59
Message-ID: OFBEAA2671.85A795FC-ON80257569.0062ADF7-80257569.00672DAA () ra ! rockwell ! com
[Download RAW message or body]
This is a multipart message in MIME format.
This is a multipart message in MIME format.
--=_alternative 0067295480257569_=
Content-Type: text/plain; charset="US-ASCII"
Jeff Morriss wrote on Wed, 25 Feb 2009 15:07:27 -0500
> Jeffrey Walton wrote:
> > Hi All,
> >
> > How does one specify that Wireshark only perfrom tcp name resolution
> > for ports below 1024? Section 7 of the User Manual only offers an
> > all-or-nothing solution. I'm finding that the resolution of ephemeral
> > ports such as 3047 is distracting.
> >
> > I see that Guy Harris proposed two Wireshark resolution files [1], but
> > I can't tell if it has been implemented, and (if implemented) I don't
> > see where one would select either.
> >
> > Thanks,
> > Jeff
> >
> > [1]
http://www.mail-archive.com/wireshark-users@wireshark.org/msg04537.html
>
> I don't think anything like that has been implemented nor do I know of
> any plans to do it. You could open an enhancement in bugzilla to
> suggest it.
Meanwhile, as a workaround, why not edit Program Files\Wireshark\services
?
It's text, with only LF at end of line, so use WordPad instead of Notepad.
Note: I haven't tested this. You should, in any case, make a backup of the
original file. I do something similar with another file, and use a small
bat to switch between my edited version and the backup.
Julian.
--=_alternative 0067295480257569_=
Content-Type: text/html; charset="US-ASCII"
<br><font size=2 face="sans-serif">Jeff Morriss wrote on Wed, 25 Feb 2009
15:07:27 -0500</font>
<br><font size=2 face="sans-serif">>Jeffrey Walton wrote:</font>
<br><font size=2 face="sans-serif">>> Hi All,</font>
<br><font size=2 face="sans-serif">>> </font>
<br><font size=2 face="sans-serif">>> How does one specify that Wireshark
only perfrom tcp name resolution</font>
<br><font size=2 face="sans-serif">>> for ports below 1024? Section
7 of the User Manual only offers an</font>
<br><font size=2 face="sans-serif">>> all-or-nothing solution. I'm
finding that the resolution of ephemeral</font>
<br><font size=2 face="sans-serif">>> ports such as 3047 is distracting.</font>
<br><font size=2 face="sans-serif">>> </font>
<br><font size=2 face="sans-serif">>> I see that Guy Harris proposed
two Wireshark resolution files [1], but</font>
<br><font size=2 face="sans-serif">>> I can't tell if it has been
implemented, and (if implemented) I don't</font>
<br><font size=2 face="sans-serif">>> see where one would select
either.</font>
<br><font size=2 face="sans-serif">>> </font>
<br><font size=2 face="sans-serif">>> Thanks,</font>
<br><font size=2 face="sans-serif">>> Jeff</font>
<br><font size=2 face="sans-serif">>> </font>
<br><font size=2 face="sans-serif">>> [1] \
http://www.mail-archive.com/wireshark-users@wireshark.org/msg04537.html</font> \
<br><font size=2 face="sans-serif">></font> <br><font size=2 \
face="sans-serif">>I don't think anything like that has been implemented nor do I \
know of </font> <br><font size=2 face="sans-serif">>any plans to do it. You \
could open an enhancement in bugzilla to </font>
<br><font size=2 face="sans-serif">>suggest it.</font>
<br>
<br><font size=2 face="sans-serif">Meanwhile, as a workaround, why not
edit Program Files\Wireshark\services ?</font>
<br><font size=2 face="sans-serif">It's text, with only LF at end of line,
so use WordPad instead of Notepad.</font>
<br>
<br><font size=2 face="sans-serif">Note: I haven't tested this. You should,
in any case, make a backup of the original file. I do something similar
with another file, and use a small bat to switch between my edited version
and the backup.</font>
<br>
<br><font size=2 face="sans-serif">Julian.</font>
--=_alternative 0067295480257569_=--
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@wireshark.org?subject=unsubscribe
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic