Subject: Re: Merging entries from the IANA services list
To: NetBSD User-Level Technical Discussion List <>
From: Greg A. Woods <>
List: tech-userlevel
Date: 11/14/2006 18:25:46
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

At Sat, 11 Nov 2006 15:49:37 -0800,
Bill Studenmund wrote:
> The problem with that is you are assuming that getservbyport() is only=20
> called for local services. I have used ethereal and wireshark on capture =

> files from other systems.

Indeed, as do I.

>   In those cases, what is a locally-anonymous port=20
> may not be an anonymous port in the capture.

For things like ethereal though I was hoping that they did some more
reliable magic to guess the protocol, rather than simply looking up the
port number.  However now that you mention it I'm not so sure what they
do.  :-)

> Sadly, I think the only long-term solution is to cope with port numbers=20
> being misinterpreted, since there are a number of different ways they can=
> be misinterpreted. :-)

Indeed.  I think the whole problem started when getservbyport() was
first invented.  The table should probably never have been used to look
up the protocol name -- only forward lookups to discover the _local_
assignment of a name should have been used.

That does beg the question of how one is supposed to identify a foreign
service (e.g. in captured packet data) when all you know is its port
number, especially if the initial handshake and opening packets are
missing.  UDP protocols can often be even more mysterious when their
packets are found on "non-standard" ports.

						Greg A. Woods

H:+1 416 218-0098 W:+1 416 489-5852 x122 VE3TCP RoboHack <>
Planix, Inc. <>       Secrets of the Weird <>

Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

Version: PGPfreeware 5.0i for non-commercial use
MessageID: 08xx4jyXu9O6xnf3raqLKx9u1mhu7D++