
Wireshark-dev: Re: [Wireshark-dev] heuristic Dissector vs. normal dissector

From: "Tom Stevens" <tomstevens@xxxxxxx>
Date: Wed, 27 Aug 2008 23:56:46 +0200

Thanks for the information!

But without a port number, how can Wireshark find (identify) the correct dissector for the incoming packets? What are the specific criteria? Maybe you can give me an example. I'm a bit slow on the uptake at the moment.

Greetings Tom (Germany)



2008/8/27 Kumar, Hemant <kumarh@xxxxxxxxxxxx>

Basically, a heuristic dissector means that your dissector will accept all the traffic packets and will not segregate based on port number.

So to identify your own custom dissector protocol messages, you have to separate out the packets based on certain criteria specific to your protocol.

And a normal dissector is registered with Wireshark based on port information, which tells Wireshark on which port your message is going to be exchanged.

 

I hope it clarifies.

 

Hemant.

 


From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Tom Stevens
Sent: Wednesday, August 27, 2008 2:24 PM
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] heuristic Dissector vs. normal dissector

 

Hi!

What are the differences between a heuristic dissector and a normal dissector? So far I have not considered heuristic dissectors, because I did not know what they are and how to use them.
Maybe you can help!

Thanks in advance Tom (Germany)
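
Added example, not part of the original thread and not Wireshark source: a stand-alone C model of the "criteria specific to your protocol" idea discussed above. The FOO and BAR protocols, their header layouts and all function names are hypothetical; in Wireshark itself the check would read from a tvbuff and be registered with `heur_dissector_add()`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FOO_HDR_LEN 8   /* hypothetical header: magic(4) version(1) type(1) length(2) */

/* Heuristic test: return true only if the payload really looks like FOO. */
bool foo_heuristic(const uint8_t *p, size_t len)
{
    if (len < FOO_HDR_LEN)                     /* never read past the captured bytes */
        return false;
    if (memcmp(p, "FOO1", 4) != 0)             /* criterion 1: fixed magic value */
        return false;
    if (p[4] != 1 && p[4] != 2)                /* criterion 2: known version numbers */
        return false;
    size_t body = ((size_t)p[6] << 8) | p[7];  /* big-endian body length field */
    return body == len - FOO_HDR_LEN;          /* criterion 3: length is consistent */
}

/* Second hypothetical protocol, so two heuristics compete for the same traffic. */
bool bar_heuristic(const uint8_t *p, size_t len)
{
    return len >= 2 && p[0] == 0xBA && p[1] == 0x55;
}

typedef bool (*heur_fn)(const uint8_t *, size_t);
static const struct { const char *name; heur_fn check; } heur_table[] = {
    { "foo", foo_heuristic },
    { "bar", bar_heuristic },
};

/* No port lookup: offer the payload to each heuristic; the first to accept claims it. */
const char *classify(const uint8_t *p, size_t len)
{
    for (size_t i = 0; i < sizeof heur_table / sizeof heur_table[0]; i++)
        if (heur_table[i].check(p, len))
            return heur_table[i].name;
    return "data";   /* nobody claimed it: left as undissected data */
}

int main(void)
{
    /* Constructed sample payload: FOO v1, type 0, 2-byte body. */
    static const uint8_t pkt[] = { 'F','O','O','1', 1, 0, 0x00, 0x02, 0xAA, 0xBB };
    printf("%s\n", classify(pkt, sizeof pkt));
    return 0;
}
```

Because a heuristic check is offered every packet on the underlying transport, including truncated and malformed ones, it should verify the available length before each read and reject anything that does not match all criteria.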

