Basically Heuristic Dissector means that your dissector will accept all the Traffic Packets and will not segregate based on port number. So to identify your own custom dissector protocol messages you have to separate out the packets based on certain criteria specific to your Protocol. And a normal dissector is registered with the Wireshark based on port information which tells the Wireshark on which port your message is Going to be exchanges.
I hope it clarifies. Hemant. ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Stevens Sent: Wednesday, August 27, 2008 2:24 PM To: [email protected] Subject: [Wireshark-dev] heuristic Dissector vs. normal dissector Hi! What are the differences between a heuristic dissector and a normal dissector. So far i have not considered heuristic dissectors, because I did not know what they are and how to use them. Maybe you can help! Thanks in advance Tom (Germany)
_______________________________________________ Wireshark-dev mailing list [email protected] https://wireshark.org/mailman/listinfo/wireshark-dev
