Wireshark-dev: Re: [Wireshark-dev] Define dissector port
From: "Hal Lander" <hal_lander@xxxxxxxxxxx>
Date: Tue, 16 Jan 2007 08:23:54 -0900
I am still struggling with this. Is there any documentation on heur_dissector_add and where/how to call it? Also I presume from Guy's posting I have to add my protocol into some tables?
Hal

From: "sharon lin" <sharon.lin.1@xxxxxxxxx>
Reply-To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
To: "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-dev] Define dissector port
Date: Tue, 16 Jan 2007 17:51:11 +0200

Add

heur_dissector_add("udp", dissect_fring, proto_fring);
heur_dissector_add("tcp", dissect_fring, proto_fring);

On 1/16/07, Hal Lander <hal_lander@xxxxxxxxxxx> wrote:

The word 'heuristic' only appears once in 'readme.developer', and although I have skimmed through the whole document I seem to have missed where it tells you how to make a dissector heuristic.

Can you be more specific about where there is an example?

Can plugins be heuristic dissectors?

Once a dissector is heuristic will it just look on all ports?

Hal

>From: Guy Harris <guy@xxxxxxxxxxxx>
>Reply-To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
>To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
>Subject: Re: [Wireshark-dev] Define dissector port
>Date: Mon, 15 Jan 2007 10:37:39 -0800
>
>Hal Lander wrote:
> > Is there a way to get a dissector to run on all ports?
>
>A dissector that runs on all ports would have to be a heuristic
>dissector (otherwise, you wouldn't be able to dissect any TCP/UDP
>traffic except for traffic for your protocol).
>
>So the way you'd do that would be to have your dissector be able to look
>at a packet and determine whether it's a packet for your protocol or
>not, and use a check for that sort in your dissector. See
>doc/README.developer for information on how to make a heuristic
>dissector. The name of the heuristic dissector table for TCP is "tcp",
>and the table for UDP is "udp".
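
The heuristic check Guy describes, as an added example that is not part of the thread and is not Wireshark source: a plain C model, with no Wireshark API, of a table of heuristic dissectors that are each offered every packet and accept or reject it. The "FRNG" header layout, `dissect_example`, `dissect_other` and `try_heuristics` are constructed for illustration; the thread does not describe the real protocol format.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed wire format (the thread does not give the real one): 4-byte
 * magic "FRNG", version byte (1), 2-byte big-endian payload length, payload. */
#define HDR_LEN 7

/* A heuristic dissector returns true only when it claims the packet. */
typedef bool (*heur_fn)(const uint8_t *buf, size_t len);

static bool dissect_example(const uint8_t *buf, size_t len)
{
    if (len < HDR_LEN)                      /* never read past the captured bytes */
        return false;
    if (memcmp(buf, "FRNG", 4) != 0 || buf[4] != 1)   /* magic and version */
        return false;
    size_t payload = ((size_t)buf[5] << 8) | buf[6];
    if (payload != len - HDR_LEN)           /* length field must match the packet */
        return false;
    return true;   /* a real dissector would decode the payload here */
}

/* Stand-in for a second heuristic in the same table (hypothetical). */
static bool dissect_other(const uint8_t *buf, size_t len)
{
    return len >= 4 && memcmp(buf, "GET ", 4) == 0;
}

/* Model of one heuristic table ("udp" or "tcp" in the thread): entries are
 * tried on every packet regardless of port; the first to return true wins. */
static const heur_fn heur_table[] = { dissect_example, dissect_other };

/* Index of the claiming dissector, or -1 when nobody claims the packet. */
int try_heuristics(const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < sizeof heur_table / sizeof heur_table[0]; i++)
        if (heur_table[i](buf, len))
            return (int)i;
    return -1;
}

int main(void)
{
    const uint8_t pkt[] = { 'F','R','N','G', 1, 0, 2, 0xAA, 0xBB }; /* constructed */
    return try_heuristics(pkt, sizeof pkt) == 0 ? 0 : 1;
}
```

Because a heuristic dissector is handed traffic from every port, it sees arbitrary and truncated input, so the length check has to come before any byte is read and a loose match will steal packets from the other dissectors in the table.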