Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2024-06-29 19:18:35 +0000

Guy Harris gravatar image

With the script modified so that I can 1) have it run the programs from a build tree for main-branch Wireshark, 2) have it run TShark with -2, and 3) run it with Wireshark rather than TShark, I find that, when running from the main-branch build tree:

  1. with TShark and no -2, I get:

    Heuristic dissector:
    1 0.000000000     10.1.1.1 → 10.2.2.2     RRoCE 60 [Malformed Packet]
Heuristic dissector, overriding infiniband.try_heuristic_first to true:
    1 0.000000000     10.1.1.1 → 10.2.2.2     RRoCE 60 [Malformed Packet]
Heuristic dissector, InfiniBand disabled:
prop dissector invoked
    1 0.000000000     10.1.1.1 → 10.2.2.2     PROP 60 65432 → 4791 Len=8

  2. with TShark and -2, I get:

    Heuristic dissector:
    1 0.000000000     10.1.1.1 → 10.2.2.2     RRoCE 60 [Malformed Packet]
Heuristic dissector, overriding infiniband.try_heuristic_first to true:
    1 0.000000000     10.1.1.1 → 10.2.2.2     RRoCE 60 [Malformed Packet]
Heuristic dissector, InfiniBand disabled:
prop dissector invoked
prop dissector invoked
    1 0.000000000     10.1.1.1 → 10.2.2.2     PROP 60 65432 → 4791 Len=8

  3. with Wireshark, I get:

    Heuristic dissector:
1   2024-06-29 11:57:27.000001000   10.1.1.1    10.2.2.2    RRoCE   60  [Malformed Packet]
Heuristic dissector, overriding infiniband.try_heuristic_first to true:
1   2024-06-29 11:57:27.000001000   10.1.1.1    10.2.2.2    RRoCE   60  [Malformed Packet]
Heuristic dissector, InfiniBand disabled:
prop dissector invoked
prop dissector invoked
prop dissector invoked
prop dissector invoked
prop dissector invoked
prop dissector invoked
1   2024-06-29 11:57:27.000001000   10.1.1.1    10.2.2.2    PROP    60  65432 → 4791 Len=8

(the Wireshark is a mixture of stuff printed to the terminal and a summary line copied from the display, for each test).

With the Wireshark 4.2.5 installed on my machine:

  1. with TShark and no -2, I get:

    Heuristic dissector:
    1 0.000000000     10.1.1.1 → 10.2.2.2     RRoCE 60 [Malformed Packet]
Heuristic dissector, overriding infiniband.try_heuristic_first to true:
    1 0.000000000     10.1.1.1 → 10.2.2.2     RRoCE 60 [Malformed Packet]
Heuristic dissector, InfiniBand disabled:
prop dissector invoked
    1 0.000000000     10.1.1.1 → 10.2.2.2     PROP 60 65432 → 4791 Len=8

  2. with TShark and -2, I get:

    Heuristic dissector:
    1 0.000000000     10.1.1.1 → 10.2.2.2     RRoCE 60 [Malformed Packet]
Heuristic dissector, overriding infiniband.try_heuristic_first to true:
    1 0.000000000     10.1.1.1 → 10.2.2.2     RRoCE 60 [Malformed Packet]
Heuristic dissector, InfiniBand disabled:
prop dissector invoked
prop dissector invoked
    1 0.000000000     10.1.1.1 → 10.2.2.2     PROP 60 65432 → 4791 Len=8

  3. with Wireshark, I get:

    Heuristic dissector:
1   2024-06-29 12:08:22.000001000   10.1.1.1    10.2.2.2    RRoCE   60  [Malformed Packet]
Heuristic dissector, overriding infiniband.try_heuristic_first to true:
1   2024-06-29 12:08:22.000001000   10.1.1.1    10.2.2.2    RRoCE   60  [Malformed Packet]
Heuristic dissector, InfiniBand disabled:
prop dissector invoked
prop dissector invoked
prop dissector invoked
prop dissector invoked
prop dissector invoked
prop dissector invoked
1   2024-06-29 12:08:22.000001000   10.1.1.1    10.2.2.2    PROP    60  65432 → 4791 Len=8

So, at least for me, with both 4.2.5 and the main branch - and with udp.try_heuristic_first set to FALSE by default:

  1. -2 makes no difference for TShark;
  2. Wireshark vs. TShark makes no difference.

What version of Wireshark/TShark are you running?