Wireshark · Wireshark-dev: Re: [Wireshark-dev] question(s) on the use of heur_dissector

Wireshark-dev: Re: [Wireshark-dev] question(s) on the use of heur_dissector_add

From: Brian Vandenberg <phantal@xxxxxxxxx>

Date: Thu, 21 Sep 2006 22:54:39 -0600

BTW, does your protocol (which I assume runs atop HTTP) have aContent-Type (media type) value associated with it? If so, you mightwant to register that media type in the "media_type" string dissectortable.

Yes. I did some toying around today with that and got it working byjust adding it as a dissector for a media type ofapplication/x-url-form-encoded, and I figured I'd just add, or not add,tree items and info to the summary depending on whether it really is oneof our packets or not. So, rather than returning a true/false from myheuristic dissector, I just dropped my heuristic code into a regulardissector function, and made some alterations as to what the meaning ofthe boolean I was using meant.


-Brian

References:
- Re: [Wireshark-dev] Crash after Init dissectors (read_hosts_file)
  - From: Shelly Cadora
- Re: [Wireshark-dev] http_dissector_add
  - From: Brian Vandenberg
- Re: [Wireshark-dev] question(s) on the use of heur_dissector_add
  - From: Brian Vandenberg
- Re: [Wireshark-dev] question(s) on the use of heur_dissector_add
  - From: Guy Harris

Prev by Date: [Wireshark-dev] Linking with archive libraries in hp-ux
Next by Date: [Wireshark-dev] Debugging in a win32 environment
Previous by thread: Re: [Wireshark-dev] question(s) on the use of heur_dissector_add
Next by thread: Re: [Wireshark-dev] http_dissector_add
Index(es):
- Date
- Thread