Wireshark keeps getting source port incorrect

I'm working on a Linux app in C that receives incoming UDP connections on a configured port. Wireshark always seems to report the source port incorrectly. Here is the byte stream:

\02\00\e7\9f\c0\a8\0f\81\00\00\00\00\00\00\00\00\00\00\00\00\00\00\0 .......

The source port is e79f, a 16-bit integer, which converts to 59295 decimal. Wireshark decodes this as 59990. This is just one example, but it seems Wireshark is always wrong, which I find surprising, and I am quite prepared to accept I'm completely stupid, but I can't find any explanation of this disparity. No matter how many times I repeat my test, and each time I'm using a different source port, it is always wrong. Wireshark is decoding the requests as DNS requests, which they are.

Has anyone else experienced this? Am I stupid?

Ubuntu 17.10.1, Wireshark 2.6.5