I am still struggling with this.
Is there any documentation on heur_dissector_add and where/how to call it?

Also I presume from Guy's posting I have to add my protocol into some 
tables?

Hal

>From: "sharon lin" <[EMAIL PROTECTED]>
>Reply-To: Developer support list for Wireshark 
><wireshark-dev@wireshark.org>
>To: "Developer support list for Wireshark" <wireshark-dev@wireshark.org>
>Subject: Re: [Wireshark-dev] Define dissector port
>Date: Tue, 16 Jan 2007 17:51:11 +0200
>
>Add
>heur_dissector_add("udp", dissect_fring, proto_fring);
>heur_dissector_add("tcp", dissect_fring, proto_fring);
>
>On 1/16/07, Hal Lander <[EMAIL PROTECTED]> wrote:
>>
>>The word 'heuristic' only appears once in 'readme.developer', and although I
>>have skimmed through the whole document I seem to have missed where it tells
>>you how to make a dissector heuristic.
>>
>>Can you be more specific about where there is an example?
>>Can plugins be heuristic dissectors?
>>
>>Once a dissector is heuristic will it just look on all ports?
>>
>>Hal
>>
>>
>>
>> >From: Guy Harris <[EMAIL PROTECTED]>
>> >Reply-To: Developer support list for Wireshark
>> ><wireshark-dev@wireshark.org>
>> >To: Developer support list for Wireshark <wireshark-dev@wireshark.org>
>> >Subject: Re: [Wireshark-dev] Define dissector port
>> >Date: Mon, 15 Jan 2007 10:37:39 -0800
>> >
>> >Hal Lander wrote:
>> > > Is there a way to get a dissector to run on all ports?
>> >
>> >A dissector that runs on all ports would have to be a heuristic
>> >dissector (otherwise, you wouldn't be able to dissect any TCP/UDP
>> >traffic except for traffic for your protocol).
>> >
>> >So the way you'd do that would be to have your dissector be able to look
>> >at a packet and determine whether it's a packet for your protocol or
>> >not, and use a check of that sort in your dissector.  See
>> >doc/README.developer for information on how to make a heuristic
>> >dissector.  The name of the heuristic dissector table for TCP is "tcp",
>> >and the table for UDP is "udp".
>> >_______________________________________________
>> >Wireshark-dev mailing list
>> >Wireshark-dev@wireshark.org
>> >http://www.wireshark.org/mailman/listinfo/wireshark-dev



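A stand-alone C model of the mechanism described in the quoted replies, added here as an example and not code from the thread or from Wireshark: a heuristic dissector inspects the payload, rejects anything that is not its protocol, and is offered packets through the "tcp" and "udp" tables it was added to. The names model_heur_add, model_try_heuristics and fring_heur, and the "FRNG" header layout, are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-alone model of a heuristic table; none of these names are Wireshark's API. */
typedef bool (*heur_fn)(const uint8_t *buf, size_t len);
struct heur_table { const char *name; heur_fn fns[4]; size_t n; };
static struct heur_table tables[] = { { "tcp", { 0 }, 0 }, { "udp", { 0 }, 0 } };

static struct heur_table *find_table(const char *name) {
    for (size_t i = 0; i < sizeof tables / sizeof tables[0]; i++)
        if (strcmp(tables[i].name, name) == 0) return &tables[i];
    return NULL;
}

/* Counterpart of the heur_dissector_add("udp", ...) call: join a named table. */
bool model_heur_add(const char *table, heur_fn fn) {
    struct heur_table *t = find_table(table);
    if (t == NULL || t->n == 4) return false;
    t->fns[t->n++] = fn;
    return true;
}

/* Offer a payload to every heuristic in the table; the first to accept claims it. */
bool model_try_heuristics(const char *table, const uint8_t *buf, size_t len) {
    struct heur_table *t = find_table(table);
    for (size_t j = 0; t != NULL && j < t->n; j++)
        if (t->fns[j](buf, len)) return true;
    return false;
}

/* Hypothetical header: "FRNG", version byte 1, 16-bit big-endian body length. */
bool fring_heur(const uint8_t *buf, size_t len) {
    if (len < 7) return false;                      /* bounds check before any read */
    if (memcmp(buf, "FRNG", 4) != 0) return false;  /* wrong magic: not ours */
    if (buf[4] != 1) return false;                  /* unknown version */
    size_t body = ((size_t)buf[5] << 8) | buf[6];
    return body == len - 7;                         /* declared length must match */
}

int main(void) {
    const uint8_t ok[] = { 'F','R','N','G', 1, 0, 2, 0xAA, 0xBB };   /* constructed */
    const uint8_t http[] = { 'G','E','T',' ','/',' ','H','T','T' };  /* constructed */
    model_heur_add("udp", fring_heur);
    printf("fring: %d, other: %d\n", model_try_heuristics("udp", ok, sizeof ok),
           model_try_heuristics("udp", http, sizeof http));
    return 0;
}
```

The stricter the checks in the heuristic function, the less likely it is to claim traffic that belongs to another protocol, which matters because the function sees payloads on every port.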