I wrote a heuristic packet dissector and it doesn't show up under the list
of "Decode As..." options. I searched through the code and found that the
Decode As function loads the following dissector tables:
dissector_table_foreach("tcp.port", decode_add_to_clist, &info);
dissector_table_foreach("udp.port", decode_add_to_clist, &info);
dissector_conv_foreach("udp", decode_add_to_clist, &info);
It never adds any of the heuristic dissectors to the list...this is a huge
problem because right I can't change how my packet is being decoded!
I've got a TCP conversation between ports 6668 and 7000 and it seems that
Gryphon listens on port 7000. But, this isn't a Gryphon packet...it's an
IPDC packet. But IPDC needs to be dissected heuristically...and even if I
turn off processing of Gryphon packets, it doesn't seem to dissect as IPDC.
The heuristic dissection works fine when the port isn't taken by another
dissector. Any ideas?
--
PC Drew
Be nice, or I'll replace you with a very
small shell script
