Wireshark-dev: Re: [Wireshark-dev] Dissector Registration Query

From: "Kumar, Hemant" <kumarh@xxxxxxxxxxxx>
Date: Wed, 23 Jul 2008 18:47:46 -0700
Thanks Harris, it worked fine.

I have another design query related to heuristic dissectors. For TCP traffic, ports are already defined, so I can let only those data packets be dissected for which tvb->srcport and destport is one of the already defined ports. This way, even though my dissector is heuristic, it is able to discard junk packets which are not suited for my purpose.

But for UDP there are no ports pre-defined, and ports are basically decided on the fly. So it happens that a flood of packets comes to my dissector and it is not able to decide whether it is one of the packets belonging to my_protocol.

So is there any way out, in this situation of registering my dissector heuristically with TCP and UDP, by which I can identify the packets belonging to my_protocol, especially for the UDP case?

So that it doesn't happen that any junk UDP packets get dissected just because they fulfilled the initial conditions.

Any suggestions and help will be highly appreciated.
Looking forward to hearing from you on this.


Thanks and Regards
Hemant Kumar


-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Wednesday, July 23, 2008 12:05 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Dissector Registration Query


On Jul 23, 2008, at 11:42 AM, Kumar, Hemant wrote:

>             register_dissector("myprotocol", dissect_myprotocol_tcp,
> proto_myprotocol);
>             register_dissector("myprotocol", dissect_myprotocol_udp,
> proto_myprotocol);

        ...

> Can you please suggest where I am going wrong? Is it to do with
> multiple registrations with the same name?

Yes.

Heuristic dissectors are different from the dissectors you register
with register_dissector(), so just get rid of those
register_dissector() calls.