Hi,

Have a look in epan/packet.h and search for "heur".

Thanx,
Jaap

On Tue, 16 Jan 2007, Hal Lander wrote:

> I am still struggling with this.
> Is there any documentation on heur_dissector_add and where/how to call it?
>
> Also I presume from Guy's posting I have to add my protocol into some
> tables?
>
> Hal
>
>
> >From: "sharon lin" <[EMAIL PROTECTED]>
> >Reply-To: Developer support list for Wireshark <[email protected]>
> >To: "Developer support list for Wireshark" <[email protected]>
> >Subject: Re: [Wireshark-dev] Define dissector port
> >Date: Tue, 16 Jan 2007 17:51:11 +0200
> >
> >Add
> >heur_dissector_add("udp", dissect_fring, proto_fring);
> >heur_dissector_add("tcp", dissect_fring, proto_fring);
> >
> >On 1/16/07, Hal Lander <[EMAIL PROTECTED]> wrote:
> >>
> >>The word 'heuristic' only appears once in 'readme.developer', and
> >>although I have skimmed through the whole document I seem to have
> >>missed where it tells you how to make a dissector heuristic.
> >>
> >>Can you be more specific about where there is an example?
> >>Can plugins be heuristic dissectors?
> >>
> >>Once a dissector is heuristic will it just look on all ports?
> >>
> >>Hal
> >>
> >>
> >>
> >> >From: Guy Harris <[EMAIL PROTECTED]>
> >> >Reply-To: Developer support list for Wireshark <[email protected]>
> >> >To: Developer support list for Wireshark <[email protected]>
> >> >Subject: Re: [Wireshark-dev] Define dissector port
> >> >Date: Mon, 15 Jan 2007 10:37:39 -0800
> >> >
> >> >Hal Lander wrote:
> >> > > Is there a way to get a dissector to run on all ports?
> >> >
> >> >A dissector that runs on all ports would have to be a heuristic
> >> >dissector (otherwise, you wouldn't be able to dissect any TCP/UDP
> >> >traffic except for traffic for your protocol).
> >> >
> >> >So the way you'd do that would be to have your dissector be able to look
> >> >at a packet and determine whether it's a packet for your protocol or
> >> >not, and use a check for that sort in your dissector. See
> >> >doc/README.developer for information on how to make a heuristic
> >> >dissector. The name of the heuristic dissector table for TCP is "tcp",
> >> >and the table for UDP is "udp".
> >

_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev
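
Added example, not part of the thread and not Wireshark code: a stand-alone C model of the behaviour described above, where each heuristic dissector in a table inspects the packet and either claims it or returns false so the next one is tried. It does not use the Wireshark API; the "FRNG" header layout, the function names and the sample packets are assumptions made up for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire format (an assumption, not from the thread):
 * bytes 0-3 magic "FRNG", byte 4 version (only 1), bytes 5-6 payload
 * length (big-endian), followed by exactly that many payload bytes. */
#define HDR_LEN 7
typedef bool (*heur_fn)(const uint8_t *buf, size_t len);

/* Heuristic check: reject (return false) unless every test passes, so
 * traffic for other protocols on the same port is left alone. */
static bool dissect_example_heur(const uint8_t *buf, size_t len)
{
    if (len < HDR_LEN) return false;                /* too short for a header */
    if (memcmp(buf, "FRNG", 4) != 0) return false;  /* wrong magic */
    if (buf[4] != 1) return false;                  /* unknown version */
    size_t plen = ((size_t)buf[5] << 8) | buf[6];
    return plen == len - HDR_LEN;                   /* length field must match */
}

/* Stand-in for some other protocol's heuristic in the same table. */
static bool dissect_other_heur(const uint8_t *buf, size_t len)
{
    return len >= 2 && buf[0] == 0x16 && buf[1] == 0x03;
}

/* Model of one heuristic table (what the thread calls "udp" or "tcp"). */
static const struct { const char *name; heur_fn fn; } heur_table[] = {
    { "other", dissect_other_heur },
    { "example", dissect_example_heur },
};

/* Try each entry in order; the first to accept wins, NULL means none did. */
const char *try_heuristics(const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < sizeof heur_table / sizeof heur_table[0]; i++)
        if (heur_table[i].fn(buf, len)) return heur_table[i].name;
    return NULL;
}

/* Constructed sample packets. */
const uint8_t pkt_ok[]     = { 'F','R','N','G', 1, 0, 2, 0xAA, 0xBB };
const uint8_t pkt_badlen[] = { 'F','R','N','G', 1, 0, 9, 0xAA, 0xBB };

int main(void)
{
    printf("pkt_ok: %s\n", try_heuristics(pkt_ok, sizeof pkt_ok) ? "claimed" : "unclaimed");
    return 0;
}
```

The strict length comparison is what keeps the check from claiming unrelated traffic that happens to start with the same four bytes.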
