On Thursday 20 July 2006 12:06, Jeff Morriss wrote:
> If I set the TCP preference "Try heuristic dissectors first?" then the
> "nok" file shows up as H1 for me.
This works for me too, thanks!
> The "nok" file has a TCP segment between ports 1030 and 2000. Looking in:
>
> http://www.iana.org/assignments/port-numbers
>
> we can see that port 2000 is registered to "Cisco SCCP" which Wireshark
> has a dissector for (it's called "Skinny" in Wireshark). Sure enough,
> "packet-skinny.c" is not a new style dissector (it returns void), so
> it's what's eating your packet.
OK, thanks for clearing this up. I did not keep in mind that another
dissector may be called that does not dissect the packet but just hand
it of to the data dissector (I thought the data dissector was directly
called by the tcp dissector in this case). Now I understand why it's
important to use the new style for dissectors.
> (This can be verified by disabling the Skinny dissector; again, your
> "nok" packet shows up as H1.)
This works as well, thanks for your help.
Regards,
Thomas Böhne
--
Jäger Computergesteuerte Messtechnik GmbH
Thomas Böhne
Rheinstraße 2-4
64653 Lorsch
Germany
Tel.: +49-6251-9632-0
