Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] heuristic Dissector for Dummies

From: Ulf Lamping <ulf.lamping@xxxxxx>
Date: Sat, 06 Sep 2008 13:35:00 +0200
Maynard, Chris schrieb:
I think this information would best be placed in the doc/ directory,
either residing in its own README.heuristic file (with a mention of it
from README.developer) or residing directly in README.developer itself,
under its own section.  Wherever it lives, I think it would also be very
useful to include a heuristic dissector code skeleton, just as the
README.developer does now in section 1.2 for normal dissectors.

There may be general interest from the user's perspective, but I think
it's better to keep it simple.  Section 9.4 [of Wireshark-1.0.2] user
guide does a pretty nice job already, I think, although some dissectors,
UDP & TCP for instance, have a preference for controlling whether
heuristic dissectors are tried first or not, so that might also be worth
mentioning in the user guide (or maybe it is and I just didn't see it).

I don't know if that counts as a concrete idea or not, but it's my 2
cents.  (Of course with the exchange rate being so bad these days, it's
probably worth much less than that.)


Hi Chris!

I've just compiled doc/README.heuristic, containing my intro text and your code snippet - plus a little bit of editing.


@all: Feel free to have a look and send improvements ... or even better patches ;-)

Hope this helps,

Regards, ULFL