Wireshark · Ethereal-dev: Re: [Ethereal-dev] New preference for tcp

[Guy Harris <guy@xxxxxxxxxxxx>]

On Wednesday, July 23, 2003, at 4:40 PM, Guy Harris wrote:

> On Monday, July 21, 2003, at 4:38 AM, Lars Roland wrote:
>
> > the attached patch adds a new preference to the tcp-dissector.
> > You can decide, if you want the tcp dissector looking for a matching 
> > heuristic subdissector before looking for a registered port or the 
> > other way round. Last one is default, so the actual mechanism won't 
> > change without setting the new preference.
>
> Perhaps UDP should have a similar preference.

It should.  I've checked in your patch plus a change to do the same for 
UDP.

There might be other dissectors for which this should be done as well.

(Another possibility would be to have "weak" and "strong" heuristic 
dissectors, where a "weak" one is likely to have false hits but a 
"strong" one isn't; we could check the "strong" ones before the port 
numbers and the "weak" ones after.  Or we could have a numerical 
strength value, with stronger ones checked before weaker ones, and the 
halfway point between the minimum and maximum strength being the split 
between "strong" ones and "weak" ones.  However, that's a bit 
complicated, and people might not choose the right strength.)