Here are 2 screenshots https://imgur.com/a/8gua4uu
I don't have any Canon devices. Does Wireshark misidentify things to this extent? I'm using Brave browser, and occasionally playing a few games from legal sources.
When looking at the dissector, any UDP packet on port 8611-8614 which has a printable character at the start is considered a Canon BJNP packet. Also the services file identifies these ports as used for Canon BJNP. However, these are not reserved ports, so it's not inconceivable that another use is made of these ports, with another protocol. That is what seems to be the case here.
And, other than the port range check, that's a fairly weak heuristic, so, yes, Wireshark does misidentify things to this extent. If more tests could be added to the Canon BJNP dissector so that it misidentifies fewer packets, that should be done.
Asked: 2023-05-08 02:02:41 +0000
Seen: 438 times
Last updated: May 08 '23
