|
I just happened to turn on console printing to troubleshoot a different problem and I'm getting a couple of interesting messages when I change my protocol preferences.
Duplicate dissectors (anonymous) and (anonymous) for protocol xxx in dissector table tcp.port
Protocol <Protocol Description> is already registered in "udp" table.
I have a proto_reg_handoff_xxx that creates a couple of TCP port dissector handles using 'dissector_add_uint("tcp.port", MY_TCP_PORT, tcp_handle)', and a UDP heuristic dissector 'heur_dissector_add("udp", dissect_xxx_udp_heur, "<Protocol Description>", "xxx",
proto_xxx, HEURISTIC_ENABLE)'.
My question is whether I'm doing something not recommended. The protocol uses both TCP and UDP packets to send data, and I've lumped it under one "xxx" protocol. For the most part, it hasn't been an issue operationally, but I'm wondering if there's a better
way to do it so I don't have these messages. I haven't looked at the console output in detail before, so I've missed this up till now.
Is there any advice about dissecting a protocol that appears on both TCP and UDP streams and using the same name, or what I'm doing specifically that's causing it? The messages have the same format, but the packaging in the TCP vs the UDP streams is slightly
different.
Best regards,
John D.
| 
