Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-commits: [Wireshark-commits] rev 35116: /trunk/epan/dissectors/ /trunk/epan/dissectors/:

Date: Fri, 03 Dec 2010 23:04:47 GMT
http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=35116

User: morriss
Date: 2010/12/03 03:04 PM

Log:
 From Andrew Feren via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5380 :
 
 Comment in the code asked....
 
  /*XXX: 2 bytes skipped ?? */
 
 Here is what I have found.
 
 The high byte (1) indicates the Classification Engine ID
 The low bytes (3) indicate the application ID
 
 Engine ID of 5 is NBAR Standard.
 Engine ID of 6 is NBAR Custom.
 
 Attached patch displays all 4 bytes (type and ID) in a readable way.  Also
 allows better filtering.

Directory: /trunk/epan/dissectors/
  Changes    Path                Action
  +14 -2     packet-netflow.c    Modified