Dissector needed: WS-Discovery, UDP port 3702
Description
Hello everyone,
The other day I was capturing some traffic from my Windows PC when I noticed this "unknown" protocol within Wireshark:
That is:
- sent by a Windows 11 version 22H2 (Build 22621.2283)
- sent to multicast groups for IPv6 (ff02::c, sourced by the link-local address) and legacy IP (239.255.255.250 <- same as for SSDP)
- UDP dst.port 3702
A quick googling led me to Wikipedia WS-Discovery. But I've never seen this in production before.
Maybe there are some references out there to code a basic dissector? #challenge
Sample capture file
This capture file includes the IPv6 and legacy IP packets seen in the screenshot above, as well as SSDP packets (since they are using the same multicast address for legacy IP): WS-Discovery_and_SSDP.pcapng
Links / references / protocol specifications
Wikipedia WS-Discovery: https://en.wikipedia.org/wiki/WS-Discovery
IANA port number registry: https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=3702
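As a starting point for the fields a basic dissector would show, here is an added example (not part of the original post and not Wireshark code) that parses a UDP 3702 payload and pulls out the WS-Discovery message type. It assumes a SOAP 1.2 envelope and the two published WS-Discovery namespaces (2005/04 and OASIS 2009/01); the function name `dissect` and the sample Probe are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "{http://www.w3.org/2003/05/soap-envelope}"  # assumption: SOAP 1.2 only
# WS-Discovery namespace -> WS-Addressing namespace used by that version
VERSIONS = {
    "http://schemas.xmlsoap.org/ws/2005/04/discovery": "{http://schemas.xmlsoap.org/ws/2004/08/addressing}",
    "http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01": "{http://www.w3.org/2005/08/addressing}",
}
TYPES = {"Hello", "Bye", "Probe", "ProbeMatches", "Resolve", "ResolveMatches"}

SAMPLE_PROBE = (  # constructed sample, not taken from the capture file
    b'<?xml version="1.0" encoding="utf-8"?>'
    b'<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"'
    b' xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"'
    b' xmlns:wsd="http://schemas.xmlsoap.org/ws/2005/04/discovery">'
    b'<soap:Header>'
    b'<wsa:To>urn:schemas-xmlsoap-org:ws:2005:04:discovery</wsa:To>'
    b'<wsa:Action>http://schemas.xmlsoap.org/ws/2005/04/discovery/Probe</wsa:Action>'
    b'<wsa:MessageID>urn:uuid:00000000-0000-4000-8000-000000000001</wsa:MessageID>'
    b'</soap:Header><soap:Body><wsd:Probe>'
    b'<wsd:Types xmlns:wsdp="http://schemas.xmlsoap.org/ws/2006/02/devprof">wsdp:Device</wsd:Types>'
    b'</wsd:Probe></soap:Body></soap:Envelope>'
)


def dissect(payload: bytes):
    """Return the WS-Discovery header fields of a UDP payload, or None."""
    try:
        text = payload.decode("utf-8")
        # Multicast input is untrusted: refuse DTDs so no entities get expanded.
        if "<!DOCTYPE" in text:
            return None
        root = ET.fromstring(text)
    except (UnicodeDecodeError, ET.ParseError):
        return None  # e.g. SSDP sharing 239.255.255.250, or non-XML data
    header = root.find(SOAP + "Header")
    if root.tag != SOAP + "Envelope" or header is None:
        return None
    for ns, wsa in VERSIONS.items():
        action = (header.findtext(wsa + "Action") or "").strip()
        if not action.startswith(ns + "/") or action[len(ns) + 1:] not in TYPES:
            continue
        types = root.findtext(f".//{{{ns}}}Types") or ""
        return {"namespace": ns, "type": action[len(ns) + 1:],
                "message_id": (header.findtext(wsa + "MessageID") or "").strip(),
                "types": types.split()}
    return None

if __name__ == "__main__":
    print(dissect(SAMPLE_PROBE))
```
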