
Wireshark-dev: Re: [Wireshark-dev] Fwd: new dissector for IBM Communication Tools

From: "ronnie sahlberg" <ronniesahlberg@xxxxxxxxx>
Date: Tue, 12 Sep 2006 10:21:21 +0000
Toralf,

Please also change the // comments to /* ones.

Please make it heuristic and test if it looks like ICT and return TRUE
if it does and is dissected or FALSE if it doesn't look like this
protocol and the packet should be given to some other dissector
instead.

Since this protocol appears to be ASCII based a simple enough
heuristic could probably be to just check that the first 4-8 bytes of
the packet are all ASCII characters or something.


Do you have an example capture for this protocol?



On 9/6/06, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:
Hi,

Good start. Since port 1510 is assigned to another protocol, according to
IANA (http://www.iana.org/assignments/port-numbers) :
mvx-lm          1510/udp    Midland Valley Exploration Ltd. Lic. Man.
it may prove valuable to have some heuristic in there and return a boolean
to indicate a hit or miss.

Thanx,
Jaap


On Tue, 5 Sep 2006, Toralf [iso-8859-1] Förster wrote:

> Ehm, now with the attached file ...
>
> Playing with wireshark and refreshing my buried C knowledge I created a
> new dissector for the protocol
> by shameless copying most of it from packet-daytime.c and others.
>
> The protocol itself is simple enough, a simple string as the payload of
> a UDP packet, string parts are divided by a ":".
> I'm interested whether the implementation would be ok and what could be
> made better.
>
> Thanks for any reply.
>
> --
> MfG/Sincerely
> Toralf Förster
>
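
Added example, not part of the original thread and not Toralf's dissector: one way to write the heuristic suggested above (first 4-8 bytes printable ASCII, plus the ":" separator from the protocol description) as a standalone C function. The function name, the constants and the sample payloads are assumptions; in a real dissector the bytes would come from the packet buffer and the result would be the TRUE/FALSE return described in the thread.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ICT_MIN_PREFIX 4   /* lower bound of the "first 4-8 bytes" suggestion */
#define ICT_MAX_PREFIX 8   /* upper bound of the same suggestion */

/* Printable 7-bit ASCII only, independent of the current locale. */
static bool is_printable_ascii(uint8_t c)
{
    return c >= 0x20 && c <= 0x7e;
}

/*
 * Hypothetical heuristic: returns true when the UDP payload looks like ICT
 * (accept and dissect), false when another dissector should get the packet,
 * for example the protocol that IANA lists for the same port.
 */
bool ict_looks_like(const uint8_t *payload, size_t len)
{
    size_t i, prefix;

    if (payload == NULL || len < ICT_MIN_PREFIX)
        return false;                /* too short to judge: reject */

    prefix = len < ICT_MAX_PREFIX ? len : ICT_MAX_PREFIX;
    for (i = 0; i < prefix; i++)
        if (!is_printable_ascii(payload[i]))
            return false;            /* binary data: not a text protocol */

    /* The payload is described as ":"-separated parts, so require one. */
    return memchr(payload, ':', len) != NULL;
}

int main(void)
{
    /* Constructed sample payloads, not taken from a real capture. */
    static const uint8_t texty[]  = "user:host:hello";
    static const uint8_t binary[] = { 0x01, 0x00, 0x5e, 0x7f, 0xff, 0xfa, 0x3a, 0x41 };
    static const uint8_t plain[]  = "no separator here";

    printf("texty=%d binary=%d plain=%d\n",
           ict_looks_like(texty, sizeof texty - 1),
           ict_looks_like(binary, sizeof binary),
           ict_looks_like(plain, sizeof plain - 1));
    return 0;
}
```

A check this loose will also accept other colon-bearing text protocols, so it is only a first filter; a sample capture would show which fields can be tested more strictly.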