Wireshark keeps getting source port incorrect

asked 2019-01-24 09:29:58 +0000

I'm working on a Linux app in C, that receives incoming UDP connections on a configured port. Wireshark always seems to report the source port incorrectly. Here is the byte stream:

\02\00\e7\9f\c0\a8\0f\81\00\00\00\00\00\00\00\00\00\00\00\00\00\00\0 .......

The source port is e79f a 16 bit integer which converts to 59295 decimal. Wireshark decodes this as 59990. This is just one example but it seems Wireshark is always wrong, which I find surprising and I am quite prepared to accept I'm completely stupid, but I can't find any explanation of this disparity. No matter how many times I repeat my test and each time I'm using a different source port, it is always wrong. Wireshark is decoding the requests as DNS requests which they are.

Has anyone else experienced this? Am I stupid?

Ubuntu 17.10.1 Wireshark 2.6.5

edit retag flag offensive close merge delete


Can you publicly share a capture file (e.g. CloudShark, Google Drive, DropBox etc.) and add a link to the file in your question?

grahamb gravatar imagegrahamb ( 2019-01-24 10:00:29 +0000 )edit