I wrote an application to dump "0123456789" as the TCP payload to a PCAP file (based on https://github.com/shadow/shadow/blob/master/src/support/shd-pcap-writer.c).

After loading the generated PCAP with Wireshark, it shows the payload as Telnet data.

Question> How can I fix the problem so that the payload is shown as Data instead of Telnet? Thank you.

For example, a correctly displayed payload is as follows:

asked 05 May, 12:28

q0987

edited 05 May, 12:29


Wireshark displays the payload as Telnet because the well-known TCP port for Telnet is port 23.

See also RFC 854, IANA's Service Name and Transport Protocol Port Number Registry, and Wireshark's Telnet dissector source code, where it registers on that port.

Basically, don't use port 23.

answered 05 May, 12:45

cmaynard ♦♦

Your connection is using the TCP port 23. Therefore the data gets dissected as Telnet.

To work around this, go to 'Analyze' -> 'Enable Protocols' -> search for 'TELNET' and disable it.

answered 05 May, 12:44

Uli
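
Added example (not code from the original post or from the Shadow pcap writer it links to): a minimal C pcap writer that puts "0123456789" in a TCP segment on ports other than 23, as the answers above advise. The MAC and IP addresses, the ports 51234/51235 (assumed to have no dissector registered) and the output file name are constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Store a 16-bit value in network byte order. */
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Build Ethernet + IPv4 + TCP + payload in buf and return the frame length.
 * MACs, IP addresses and the sequence number are constructed sample values. */
size_t build_frame(uint8_t *buf, uint16_t sport, uint16_t dport,
                   const void *payload, uint16_t plen) {
    uint8_t *ip = buf + 14, *tcp = ip + 20;
    uint32_t sum = 0;
    memset(buf, 0, 54);
    buf[5] = 2; buf[11] = 1;                /* dst MAC ..:02, src MAC ..:01 */
    put16(buf + 12, 0x0800);                /* EtherType: IPv4 */
    ip[0] = 0x45;                           /* version 4, header length 5 words */
    put16(ip + 2, (uint16_t)(40 + plen));   /* total length: IP + TCP + payload */
    ip[8] = 64; ip[9] = 6;                  /* TTL, protocol = TCP */
    memcpy(ip + 12, "\x0a\x00\x00\x01\x0a\x00\x00\x02", 8); /* 10.0.0.1 -> 10.0.0.2 */
    for (int i = 0; i < 20; i += 2) sum += (uint32_t)(ip[i] << 8 | ip[i + 1]);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    put16(ip + 10, (uint16_t)~sum);         /* IPv4 header checksum */
    put16(tcp, sport); put16(tcp + 2, dport);
    tcp[7] = 1;                             /* sequence number 1 */
    tcp[12] = 0x50; tcp[13] = 0x18;         /* data offset 5 words, flags PSH|ACK */
    put16(tcp + 14, 65535);                 /* window; TCP checksum is left 0 */
    memcpy(tcp + 20, payload, plen);
    return 54 + (size_t)plen;
}

/* Write a classic pcap file (LINKTYPE_ETHERNET) holding one frame. */
int write_pcap(const char *path, const uint8_t *frame, uint32_t len) {
    struct { uint32_t magic; uint16_t vmaj, vmin; uint32_t zone, sigfigs, snaplen, linktype; }
        gh = { 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1 };
    uint32_t rh[4] = { 0, 0, len, len };    /* ts_sec, ts_usec, incl_len, orig_len */
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    int ok = fwrite(&gh, sizeof gh, 1, f) == 1 && fwrite(rh, sizeof rh, 1, f) == 1
             && fwrite(frame, len, 1, f) == 1;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}

int main(void) {
    uint8_t frame[128];
    /* 51234/51235: arbitrary ports, assumed to have no dissector registered. */
    size_t n = build_frame(frame, 51234, 51235, "0123456789", 10);
    return write_pcap("payload.pcap", frame, (uint32_t)n);
}
```

Passing 23 as either port to `build_frame` reproduces the Telnet dissection from the question.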