Wireshark · Wireshark-dev: Re: [Wireshark-dev] why cannot I use heur_dissector

Wireshark-dev: Re: [Wireshark-dev] why cannot I use heur_dissector_add("ip", .....

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Sun, 26 Jun 2011 11:58:17 -0700

On Jun 25, 2011, at 11:45 PM, John x wrote:

> but here I want to use ip.ttl to instruct wireshark to handoff packet to my dissector.

Why?  The TTL value changes in-flight, so it cannot be meaningfully used to distinguish what protocol is being carried in an IP packet.

> In my specific situation, ip.ttl is my only way to distinguish my packets.

What is your specific situation?  What is it you're trying to do?

Follow-Ups:
- Re: [Wireshark-dev] why cannot I use heur_dissector_add("ip", .....
  - From: John x

References:
- [Wireshark-dev] why cannot I use heur_dissector_add("ip", .....
  - From: John x
- Re: [Wireshark-dev] why cannot I use heur_dissector_add("ip", .....
  - From: Guy Harris
- Re: [Wireshark-dev] why cannot I use heur_dissector_add("ip", .....
  - From: John x

Prev by Date: Re: [Wireshark-dev] How to build on MACOS (with revised instructions)
Next by Date: Re: [Wireshark-dev] How to build on MACOS (with revised instructions)
Previous by thread: Re: [Wireshark-dev] why cannot I use heur_dissector_add("ip", .....
Next by thread: Re: [Wireshark-dev] why cannot I use heur_dissector_add("ip", .....
Index(es):
- Date
- Thread