Wireshark · Wireshark-dev: Re: [Wireshark-dev] Wiretap's mpeg decoder has weak magic for MPEG-PES

Wireshark-dev: Re: [Wireshark-dev] Wiretap's mpeg decoder has weak magic for MPEG-PES

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Sun, 16 Nov 2008 18:50:18 -0800


On Nov 16, 2008, at 6:38 PM, Stephen Fisher wrote:

One of the magic sequences in the wiretap mpeg decoder is pretty weak
and is grabbing files that belong to a new wiretap decoder I'mwriting.


By "wiretap decoder" do you mean "wiretap file reader"?

If so...

It is the sequence for MPEG-PES: 0x000001. The problem is that Ican't
find any way to strengthen it without the possibility of breaking
something.

...

P.S. The new wiretap decoder I've written reads in files from Apple's
PacketLogger bluetooth data capture program.

...and if PacketLogger files don't have a magic number, and if theheuristics for it are stronger than those for PES sequences, you couldput the entry for it before the entry for the MPEG file reader.

Follow-Ups:
- Re: [Wireshark-dev] Wiretap's mpeg decoder has weak magic for MPEG-PES
  - From: Stephen Fisher

References:
- [Wireshark-dev] Wiretap's mpeg decoder has weak magic for MPEG-PES
  - From: Stephen Fisher

Prev by Date: [Wireshark-dev] packet-dtls.c question
Next by Date: Re: [Wireshark-dev] Wiretap's mpeg decoder has weak magic for MPEG-PES
Previous by thread: [Wireshark-dev] Wiretap's mpeg decoder has weak magic for MPEG-PES
Next by thread: Re: [Wireshark-dev] Wiretap's mpeg decoder has weak magic for MPEG-PES
Index(es):
- Date
- Thread