Toralf, Please also change the // comments to /* ones.
Please make it hauristic and test if it looks like ICT and return TRUE if it does and is dissected or FALSE if it doesnt look like this protocol and the packet should be given to some other dissector instead. Since this protocol appears to be ASCII based a simple enough heuristic could probably be to just check that the first 4-8 bytes of the packet are all ASCII characters or something. Do you have an example capture for this protocol? On 9/6/06, Jaap Keuter <[EMAIL PROTECTED]> wrote: > Hi, > > Good start. Since port 1510 is assigned to another protocol, according to > IANA (http://www.iana.org/assignments/port-numbers) : > mvx-lm 1510/udp Midland Valley Exploration Ltd. Lic. Man. > it may prove valuable to have some heuristic in there and return a boolean > to indicate a hit or miss. > > Thanx, > Jaap > > > On Tue, 5 Sep 2006, Toralf [iso-8859-1] Förster wrote: > > > Ehm, now with the attached file ... > > > > Playing with wireshark and refreshing my burried C knowledge I created a > new dissector for the protocol > > by shameless copying most of it from packet-daytime.c and others. > > > > The protocol itself is simple enough, a simple string as the payload of > an udp packet, string parts are divided by a ":". > > I'm interesting whether the implementation would be ok and what could be > make better. > > > > Thanks for any reply. > > > > -- > > MfG/Sincerely > > Toralf Förster > > > > > _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
