This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Protocol identification

Is there a way to identify the protocol based on the captured data by Wireshark? Data from 7 captured multicast packets is shown below.

p.#1 4c 45 49 00 00 ff 09 a3 00 1c 00 30 00 72 1c 16 b5 81 9d 47 ee 18 fb 40 b7 38 ef c5 95 a6 d3 34 00 06 00 00 00 00 00 03 00 00 00 0c 05 01 04 00 18 c1 35 08 06 00 00 00 00 01 16 eb

p.#2 4c 45 49 05 00 ff 09 49 00 02 00 18 00 00 00 6f 00 2e b0 99 00 06 00 00 00 00 00 03 00 00 00 0c 08 00 00 00

p.#3 4c 45 49 00 00 ff 09 a4 00 1c 00 30 00 72 1c 16 b5 81 9d 47 ee 18 fb 40 b7 38 ef c5 95 a6 d3 34 00 06 00 00 00 00 00 03 00 00 00 0c 05 01 04 00 18 c1 35 08 06 00 00 00 00 01 16 eb

p.#4 4c 45 49 05 00 ff 09 4a 00 02 00 18 00 00 00 6f 00 2e b0 99 00 06 00 00 00 00 00 03 00 00 00 0c 08 00 00 00

p.#5 4c 45 49 00 00 ff 09 a5 00 1c 00 30 00 72 1c 16 b5 81 9d 47 ee 18 fb 40 b7 38 ef c5 95 a6 d3 34 00 06 00 00 00 00 00 03 00 00 00 0c 05 01 04 00 18 c1 35 08 06 00 00 00 00 01 16 eb

p.#6 4c 45 49 05 00 ff 09 4b 00 02 00 18 00 00 00 6f 00 2e b0 99 00 06 00 00 00 00 00 03 00 00 00 0c 08 00 00 00

p.#7 4c 45 49 00 00 ff 09 a6 00 1c 00 30 00 72 1c 16 b5 81 9d 47 ee 18 fb 40 b7 38 ef c5 95 a6 d3 34 00 06 00 00 00 00 00 03 00 00 00 0c 05 01 04 00 18 c1 35 08 06 00 00 00 00 01 16 eb

asked 09 May ‘13, 13:53

net_tech

"based on the captured data by Wireshark?"

Please post the capture file somewhere (Google Docs, Dropbox, CloudShark).

(09 May ‘13, 15:18) Kurt Knochner ♦
(09 May ‘13, 15:47) net_tech


One Answer:

UDP Port 2056 is sometimes used by a game called Civilization 4 (in multiplayer mode).

Is that game installed on the client (IP address 192.168.20.222)?

Regards
Kurt

answered 09 May '13, 16:16

Kurt Knochner ♦

No, 192.168.20.222 is a Lutron RadioRa2 device. It multicasts over port 2056, which allows the Lutron Home Control App on an iPhone or Android device to locate RadioRa2 on the network.

(09 May '13, 17:46) net_tech

Well, then this is a proprietary protocol used by your Lutron device. See your other question regarding this:

http://ask.wireshark.org/questions/19042/dissect-traffic-between-lutron-radiora2-and-alarmcom

(10 May '13, 02:28) Kurt Knochner ♦