This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

why wireshark displays TCP payload as telnet?

0

I write an application to dump "0123456789" as payload of TCP to a PCAP file. (based on https://github.com/shadow/shadow/blob/master/src/support/shd-pcap-writer.c).

After loading the generated PCAP with wireshark, it shows the payload as telnet data.

Question> How to fix the problem so that the payload is shown as Data instead of telnet. Thank you

alt text

For example, A correctly display payload is as follows:

alt text

asked 05 May '17, 12:28

q0987's gravatar image

q0987
16225
accept rate: 0%

edited 05 May '17, 12:29


2 Answers:

1

Wireshark displays the payload as Telnet because the well-known TCP port for Telnet is port 23.

See also RFC854, IANA's Service Name and Transport Protocol Port Number Registry, and Wireshark's Telnet dissector source code, where it registers on that port.

Basically, don't use port 23.

answered 05 May '17, 12:45

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142
accept rate: 20%

0

Your connection is using the TCP port 23. Therefore the data gets dissected as Telnet.

To work around this, go to 'Analyze' -> 'Enable Protocols' -> search for 'TELNET' and disable it.

answered 05 May '17, 12:44

Uli's gravatar image

Uli
9031515
accept rate: 29%