I am still struggling with this. Is there any documentation on heur_dissector_add and where/how to call it?
Also I presume from Guy's posting I have to add my protocol into some tables? Hal >From: "sharon lin" <[EMAIL PROTECTED]> >Reply-To: Developer support list for Wireshark ><wireshark-dev@wireshark.org> >To: "Developer support list for Wireshark" <wireshark-dev@wireshark.org> >Subject: Re: [Wireshark-dev] Define dissector port >Date: Tue, 16 Jan 2007 17:51:11 +0200 > >Add >heur_dissector_add("udp", dissect_fring, proto_fring); > heur_dissector_add("tcp", dissect_fring, proto_fring); > >On 1/16/07, Hal Lander <[EMAIL PROTECTED]> wrote: >> >>The word 'heuristic' only appears once in 'readme.developer', and although >>I >>have skimmed through the whole document I seem to have missed where it >>tells >>you how to make a dissector heuristic. >> >>Can you be more specific about where there is an example? >>Can plugins be heuristic dissectors? >> >>Once a dissector is heuristic will it just look on all ports? >> >>Hal >> >> >> >> >From: Guy Harris <[EMAIL PROTECTED]> >> >Reply-To: Developer support list for Wireshark >> ><wireshark-dev@wireshark.org> >> >To: Developer support list for Wireshark <wireshark-dev@wireshark.org> >> >Subject: Re: [Wireshark-dev] Define dissector port >> >Date: Mon, 15 Jan 2007 10:37:39 -0800 >> > >> >Hal Lander wrote: >> > > Is there a way to get a dissector to run on all ports? >> > >> >A dissector that runs on all ports would have to be a heuristic >> >dissector (otherwise, you wouldn't be able to dissect any TCP/UDP >> >traffic except for traffic for your protocol). >> > >> >So the way you'd do that would be to have your dissector be able to look >> >at a packet and determine whether it's a packet for your protocol or >> >not, and use a check for that sort in your dissector. See >> >doc/README.developer for information on how to make a heuristic >> >dissector. The name of the heuristic dissector table for TCP is "tcp", >> >and the table for UDP is "udp". >> >_______________________________________________ >> >Wireshark-dev mailing list >> >Wireshark-dev@wireshark.org >> >http://www.wireshark.org/mailman/listinfo/wireshark-dev >> >>_________________________________________________________________ >>Your Hotmail address already works to sign into Windows Live Messenger! >>Get >>it now >> >>http://clk.atdmt.com/MSN/go/msnnkwme0020000001msn/direct/01/?href=http://get.live.com/messenger/overview >> >>_______________________________________________ >>Wireshark-dev mailing list >>Wireshark-dev@wireshark.org >>http://www.wireshark.org/mailman/listinfo/wireshark-dev >> >_______________________________________________ >Wireshark-dev mailing list >Wireshark-dev@wireshark.org >http://www.wireshark.org/mailman/listinfo/wireshark-dev _________________________________________________________________ Fixing up the home? Live Search can help http://imagine-windowslive.com/search/kits/default.aspx?kit=improve&locale=en-US&source=hmemailtaglinenov06&FORM=WLMTAG _______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev