Wireshark · Wireshark-dev: Re: [Wireshark-dev] Define dissector port

Wireshark-dev: Re: [Wireshark-dev] Define dissector port

From: "sharon lin" <sharon.lin.1@xxxxxxxxx>

Date: Tue, 16 Jan 2007 17:51:11 +0200

Add
heur_dissector_add("udp", dissect_fring, proto_fring);
heur_dissector_add("tcp", dissect_fring, proto_fring);

On 1/16/07, Hal Lander <hal_lander@xxxxxxxxxxx> wrote:

The word 'heuristic' only appears once in 'readme.developer', and although I
have skimmed through the whole document I seem to have missed where it tells
you how to make a dissector heuristic.

Can you be more specific about where there is an example?
Can plugins be heuristic dissectors?

Once a dissector is heuristic will it just look on all ports?

Hal

>From: Guy Harris < guy@xxxxxxxxxxxx>
>Reply-To: Developer support list for Wireshark
><wireshark-dev@xxxxxxxxxxxxx>
>To: Developer support list for Wireshark < wireshark-dev@xxxxxxxxxxxxx>
>Subject: Re: [Wireshark-dev] Define dissector port
>Date: Mon, 15 Jan 2007 10:37:39 -0800
>
>Hal Lander wrote:
> > Is there a way to get a dissector to run on all ports?
>
>A dissector that runs on all ports would have to be a heuristic
>dissector (otherwise, you wouldn't be able to dissect any TCP/UDP
>traffic except for traffic for your protocol).
>
>So the way you'd do that would be to have your dissector be able to look
>at a packet and determine whether it's a packet for your protocol or
>not, and use a check for that sort in your dissector. See
>doc/README.developer for information on how to make a heuristic
>dissector. The name of the heuristic dissector table for TCP is "tcp",
>and the table for UDP is "udp".
>_______________________________________________
>Wireshark-dev mailing list
>Wireshark-dev@xxxxxxxxxxxxx
>http://www.wireshark.org/mailman/listinfo/wireshark-dev

_________________________________________________________________
Your Hotmail address already works to sign into Windows Live Messenger! Get
it now
http://clk.atdmt.com/MSN/go/msnnkwme0020000001msn/direct/01/?href="">

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

Follow-Ups:
- Re: [Wireshark-dev] Define dissector port
  - From: Hal Lander

References:
- Re: [Wireshark-dev] Define dissector port
  - From: Guy Harris
- Re: [Wireshark-dev] Define dissector port
  - From: Hal Lander

Prev by Date: Re: [Wireshark-dev] Define dissector port
Next by Date: Re: [Wireshark-dev] [Wireshark-commits] rev 20442: /trunk/tools/lemon/ /trunk/tools/lemon/: lemon.c
Previous by thread: Re: [Wireshark-dev] Define dissector port
Next by thread: Re: [Wireshark-dev] Define dissector port
Index(es):
- Date
- Thread