Wireshark
the world's foremost network protocol analyzer
Wireshark-dev: Re: [Wireshark-dev] Overriding existing RPC-TCP heuristic dissector with another heuristic one
From: Shehjar Tikoo <shehjart@xxxxxxxxxxxxxxx>
Date: Fri, 02 Feb 2007 10:31:09 +1100
Hi Jaap Keuter wrote:
The solution is to improve the heuristics until they can figure out which dissector is the correct one.
I need to ensure that my RPC/NFS dissector runs before the default one. The problem is, even if I get the heuristics right(..which is, basicallyasking for all NFS traffic..), there no guarantee that my heuristic dissector will get the packets before the default one.
I was thinking of writing a small preferences based override insidedissect_rpc_tcp_heur(..) in packet-rpc.c which calls my dissector if the preference is set. This check would be done before the:
switch (dissect_rpc_tcp_common(tvb, pinfo, tree, TRUE)) {
.....
.....
}
Is that a way to go?
Thanks
Shehjar
I am writing a RPC over TCP heuristic dissector but the RPC dissector(in packet-rpc.c) also registers a heuristic RPC over TCP dissector. It is possible that the packet my heuristic dissector needs, gets routed to the existing dissector.From the list archives I see discussions about overriding regular dissectors with heuristic dissectors( usingtcp.try_heuristic_first) but how can I override an existing heuristic dissector with another one.
- Follow-Ups:
- References:
- Prev by Date: [Wireshark-dev] blank makefile generated for custom dissector plugin
- Next by Date: Re: [Wireshark-dev] Display Filter References
- Previous by thread: Re: [Wireshark-dev] Overriding existing RPC-TCP heuristic dissector with another heuristic one
- Next by thread: Re: [Wireshark-dev] Overriding existing RPC-TCP heuristic dissector with another heuristic one
- Index(es):