Wireshark · Wireshark-dev: Re: [Wireshark-dev] question(s) on the use of heur_dissector

Wireshark-dev: Re: [Wireshark-dev] question(s) on the use of heur_dissector_add

From: Brian Vandenberg <phantal@xxxxxxxxx>

Date: Wed, 20 Sep 2006 18:08:23 -0600

I've not found much documentation on this, so if this question can beanswered by reading a document on this, let me know.


 I created a heuristic dissector function and registered it like so:

heur_dissector_add ("http", dissect_test, proto_test);

The server listens on port 80 (among others). I have had aninteresting time trying to figure out why my heuristic function isn'tcalled, so I added a breakpoint inside dissect_http to this if statement:


...
if (handle != NULL) {
 // call subdissector
}
else {
 // call dissector_try_heuristic
}

As far as I can tell, basically, I can't use a heuristic dissector todissect anything http has already looked at if another dissector hasregistered itself as a subdissector for the given port. Is that aboutaccurate? Is there something I'm missing? Is there another way toaccomplish what I'm trying to do?


-Brian

Follow-Ups:
- Re: [Wireshark-dev] question(s) on the use of heur_dissector_add
  - From: Guy Harris

References:
- Re: [Wireshark-dev] Crash after Init dissectors (read_hosts_file)
  - From: Shelly Cadora
- Re: [Wireshark-dev] http_dissector_add
  - From: Brian Vandenberg

Prev by Date: Re: [Wireshark-dev] http_dissector_add
Next by Date: Re: [Wireshark-dev] question(s) on the use of heur_dissector_add
Previous by thread: Re: [Wireshark-dev] http_dissector_add
Next by thread: Re: [Wireshark-dev] question(s) on the use of heur_dissector_add
Index(es):
- Date
- Thread