From bf158b3e4105a6e159ed570211d2f826e951083d Mon Sep 17 00:00:00 2001 From: David Fort Date: Wed, 9 Nov 2022 15:26:37 +0100 Subject: tpkt: don't have the heuristic enforce TPKT dissecting Most RDP connections starts with TPKT and then switch to TLS, so enforcing TPKT for the whole conversation makes the decoding fail. --- epan/dissectors/packet-tpkt.c | 4 ---- 1 file changed, 4 deletions(-) (limited to 'epan/dissectors/packet-tpkt.c') diff --git a/epan/dissectors/packet-tpkt.c b/epan/dissectors/packet-tpkt.c index 41635cb5ac..ae602bfba2 100644 --- a/epan/dissectors/packet-tpkt.c +++ b/epan/dissectors/packet-tpkt.c @@ -594,8 +594,6 @@ dissect_ascii_tpkt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* da static int dissect_tpkt_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { - conversation_t *conversation; - if (is_tpkt(tvb, 0) == -1) { /* Doesn't look like TPKT directly. Might be over TLS, so reject * and let the TLS heuristic dissector take a look @@ -603,8 +601,6 @@ dissect_tpkt_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *dat return 0; } - conversation = find_or_create_conversation(pinfo); - conversation_set_dissector(conversation, tpkt_handle); return dissect_tpkt(tvb, pinfo, tree, data); } -- cgit v1.2.3