Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] rev 21041: /trunk/epan/dissectors/ /trun

From: Jeff Morriss <jeff.morriss@xxxxxxxxxxx>
Date: Sat, 17 Mar 2007 22:35:47 +0800


Joerg Mayer wrote:
> On Sat, Mar 17, 2007 at 08:28:21AM +0000, morriss@xxxxxxxxxxxxx wrote:
>> http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=21041
>> ...
>> Log:
>>  Strengthen TAPA's heuristics some:
>>  	- check if the tunnel type is known
>>  	- if it's a discover_request, check that the (first) request type
>>  	  is known
>
> Btw, is there a way to access the UDP port information from inside tapa?
> We could check whether one of the ports is 5000, because that is always true
> for tapa discover packets. I created it as a heuristic dissector because
> not all traffic to udp 5000 is tapa.

pinfo->srcport and pinfo->destport should work, I think.

If all TAPA traffic is on port 5000 then a better way than creating a heuristic dissector would be to register to port 5000 (I think TAPA already does) and then make TAPA a "new style" dissector (that is, have it return the number of bytes it dissected or 0 if it thinks the packet isn't TAPA). The same heuristics could be used but it wouldn't be a heuristic dissector in that case (which is how it picked up my UDP traffic on ports != 5000).
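
The return convention discussed in this thread (bytes dissected, or 0 to reject), sketched as an added example that is not from the thread or from Wireshark's source. It is a self-contained model that does not use the Wireshark API: `struct pinfo_model`, the 4-byte header layout and the type values are hypothetical placeholders, not TAPA's real wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TAPA_PORT 5000u   /* port named in the thread */
#define HDR_LEN   4u      /* assumed header: type, flags, 16-bit total length */

/* Stand-in for the pinfo->srcport / pinfo->destport fields (hypothetical). */
struct pinfo_model { uint32_t srcport, destport; };

/* Constructed sample datagrams. */
static const uint8_t SAMPLE_OK[]       = {0x01, 0x00, 0x00, 0x06, 0xAA, 0xBB};
static const uint8_t SAMPLE_BADTYPE[]  = {0x7F, 0x00, 0x00, 0x06, 0xAA, 0xBB};
static const uint8_t SAMPLE_OVERLONG[] = {0x01, 0x00, 0x01, 0x00};

/* Placeholder set of "known" request types. */
static int known_request_type(uint8_t t) { return t == 0x01 || t == 0x02; }

/* Returns the number of bytes consumed, or 0 to say "not this protocol". */
int dissect_tapa_model(const uint8_t *buf, size_t len,
                       const struct pinfo_model *pinfo)
{
    size_t claimed;

    if (pinfo->srcport != TAPA_PORT && pinfo->destport != TAPA_PORT)
        return 0;                     /* neither port is 5000 */
    if (len < HDR_LEN)
        return 0;                     /* too short: never read past the capture */
    if (!known_request_type(buf[0]))
        return 0;                     /* unknown type: reject */
    claimed = ((size_t)buf[2] << 8) | buf[3];   /* big-endian length field */
    if (claimed < HDR_LEN || claimed > len)
        return 0;                     /* length field disagrees with the data */
    return (int)claimed;
}

int main(void)
{
    struct pinfo_model on5000 = {40000, TAPA_PORT}, other = {40000, 6000};

    printf("ok on 5000:  %d\n", dissect_tapa_model(SAMPLE_OK, sizeof SAMPLE_OK, &on5000));
    printf("ok on 6000:  %d\n", dissect_tapa_model(SAMPLE_OK, sizeof SAMPLE_OK, &other));
    printf("bad type:    %d\n", dissect_tapa_model(SAMPLE_BADTYPE, sizeof SAMPLE_BADTYPE, &on5000));
    printf("overlong:    %d\n", dissect_tapa_model(SAMPLE_OVERLONG, sizeof SAMPLE_OVERLONG, &on5000));
    return 0;
}
```

Every rejection path runs before any field beyond the validated length is read, so unrelated traffic on port 5000 is declined without being parsed as TAPA.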