> For fragmented UDP Messages I can't find a preference to reassemble the
> whole UDP message before it is passed to the dissector. How do I enable
> reassembly of UDP fragments?
You might be talking of UDP over fragments of IP, in which case
Preferences->Protocols->IP->reassemble fragmented IP datagrams may be
what you are looking for.
A message split in several UDP packets would require a session layer
protocol to reasemble it or else it will barelly work. That means
your dissector should keep track of this.
> Can anyone point me at a good sample for a heuristic tcp dissector? I'd
> like to add dissection of TCP streams, but am wondering how to "claim" a
> tcp stream which begins with JXTA's signature value. I've currently got
> a global preference for port numbers, but JXTA generally doesn't use
> fixed ports so I'd prefer to do it heuristically.
in packet-rtp.c there's a good example of heuristic dissector.
please, make it optional with a preference setting that defauls to false.
> I'm also looking for a sample of dissection of a protocol which is
> running ontop of HTTP.
MMSE
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
