Wireshark
the world's foremost network protocol analyzer
Wireshark-dev: Re: [Wireshark-dev] Using "ip.id" for dissector_add
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 01 Jan 2008 03:56:37 -0800
Lars Friedrichs wrote:
thanks for your reply. I know that the protocol is really misbehaving in several ways but I am not the one who wrote it nor the one who may change it. But from your answer I can conclude that it is not possible to do so?!
Yes.Is the implementation of the protocol assuming that the only other implementations of the protocol with which it exchanges packets assigns the identification field in such a fashion as not to put arbitrary values into the IP identification field? And, therefore, is it assuming that, for example, this will cause no problems if any routers between the source and destination fragment any packets?
If so, then the designer of the protocol really needs to study RFC 791 until their eyeballs bleeed.
If you really need to dissect such an utterly broken protocol, you could try adding to the IP dissector code to have an "ip.id" dissector table.
- Follow-Ups:
- Re: [Wireshark-dev] Using "ip.id" for dissector_add
- From: Michael Tüxen
- Re: [Wireshark-dev] Using "ip.id" for dissector_add
- References:
- [Wireshark-dev] Using "ip.id" for dissector_add
- From: Lars Friedrichs
- Re: [Wireshark-dev] Using "ip.id" for dissector_add
- From: Abhik Sarkar
- Re: [Wireshark-dev] Using "ip.id" for dissector_add
- From: Lars Friedrichs
- Re: [Wireshark-dev] Using "ip.id" for dissector_add
- From: Guy Harris
- Re: [Wireshark-dev] Using "ip.id" for dissector_add
- From: Lars Friedrichs
- [Wireshark-dev] Using "ip.id" for dissector_add
- Prev by Date: Re: [Wireshark-dev] Using "ip.id" for dissector_add
- Next by Date: Re: [Wireshark-dev] Using "ip.id" for dissector_add
- Previous by thread: Re: [Wireshark-dev] Using "ip.id" for dissector_add
- Next by thread: Re: [Wireshark-dev] Using "ip.id" for dissector_add
- Index(es):