Wireshark-dev: Re: [Wireshark-dev] Overriding existing RPC-TCP heuristic dissector with another heuristic one

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 1 Feb 2007 16:13:06 -0800

On Feb 1, 2007, at 3:31 PM, Shehjar Tikoo wrote:

I need to ensure that my RPC/NFS dissector runs before the default one. The problem is, even if I get the heuristics right(..which is, basically

asking for all NFS traffic..), there no guarantee that my heuristic
dissector will get the packets before the default one.

An RPC/NFS dissector shouldn't be *a* dissector, it should be *two* dissectors - one for ONC RPC, and one for NFS.

If you need to dissect ONC RPC differently from the way the ONC RPC dissector in Wireshark dissects it, either modify or replace the ONC RPC heuristic dissector.

If you need to dissect NFS differently from the way the NFS dissector in Wireshark dissects NFS, either modify or replace the *non- heuristic* NFS dissector.

If you need to dissect both of them differently, modify or replace both dissectors.