This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

DIS Warfare

0

Hi everybody,

I'm just starting out with Wireshark and ran a test capture on one of our servers. The expert infos showed a lot of errors, mostly malformed packets. I filtered out some packets and was hoping someone can explain what's actually going on here. The source addresses are NEC Dect AP's on our network.

a screenshot

dis.pcapng

We're not experiencing noticable issues, but I would still like to know if this is normal behaviour (think not) or if I need to further investigate this. Thanks in advance!

asked 11 Dec '15, 15:09

schapie1978's gravatar image

schapie1978
6112
accept rate: 0%


One Answer:

0

That is just the DECT AP's communication with each other on the network. They use Multicast to discover each other, hence why you are seeing the traffic at your server. It seems that they use a proprietary protocol, and Wireshark makes a guess as to the protocol...in this instance DIS, since it uses UDP port 3000 which is IANA registered.

answered 11 Dec '15, 17:16

Rooster_50's gravatar image

Rooster_50
23891218
accept rate: 15%