Wireshark will not identify your dissector.
Basically, let's assume your protocol dissector runs under TCP; then, if you have heuristically registered your dissector with the function

heur_dissector_add("tcp", dissect_your_protocol_tcp, proto_your_protocol_reference);

________________________________
From: [EMAIL PROTECTED] On Behalf Of Tom Stevens
Sent: Wednesday, August 27, 2008 2:57 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] heuristic Dissector vs. normal dissector

Thanks for the information!

But, without a port number, how can Wireshark find (identify) the correct 
dissector for the incoming packets? What are specific criteria? Maybe you can 
give me an example. I'm a bit slow on the uptake at the moment.

Greetings Tom (Germany)


2008/8/27 Kumar, Hemant <[EMAIL PROTECTED]>

Basically, heuristic dissector means that your dissector will accept all the 
traffic packets and will not segregate based on port number.

So to identify your own custom dissector protocol messages you have to separate 
out the packets based on certain criteria specific to your protocol.

And a normal dissector is registered with Wireshark based on port 
information, which tells Wireshark on which port your message is 
going to be exchanged.



I hope it clarifies.



Hemant.



________________________________

From: [EMAIL PROTECTED] On Behalf Of Tom Stevens
Sent: Wednesday, August 27, 2008 2:24 PM
To: [email protected]
Subject: [Wireshark-dev] heuristic Dissector vs. normal dissector



Hi!

What are the differences between a heuristic dissector and a normal dissector? 
So far I have not considered heuristic dissectors, because I did not know what 
they are and how to use them.
Maybe you can help!

Thanks in advance Tom (Germany)

_______________________________________________
Wireshark-dev mailing list
[email protected]
https://wireshark.org/mailman/listinfo/wireshark-dev
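
Added example, not part of the original thread and not Wireshark's own code: the kind of "criteria specific to your protocol" a heuristic dissector checks, and how candidates are tried in turn when no port number selects one. The "MYP" wire format, all function names and the sample packet are assumptions made up for illustration, and the checks run on a plain byte buffer instead of Wireshark's tvbuff API. Because a heuristic dissector is offered every packet on the transport, each field is validated and nothing is read past the captured length.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical protocol "MYP" (constructed for this example):
 *   bytes 0-3  magic "MYP1"
 *   byte  4    message type, 1..3
 *   bytes 5-6  payload length, big-endian
 *   bytes 7..  payload (exactly 'length' bytes) */
#define MYP_HDR_LEN 7

typedef int (*heur_check_t)(const uint8_t *buf, size_t len);

/* Returns 1 to claim the packet, 0 to let other dissectors try it. */
int myp_heuristic(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < MYP_HDR_LEN) return 0; /* no full header  */
    if (memcmp(buf, "MYP1", 4) != 0)      return 0; /* wrong magic     */
    if (buf[4] < 1 || buf[4] > 3)         return 0; /* unknown type    */
    size_t payload = ((size_t)buf[5] << 8) | buf[6];
    return payload == len - MYP_HDR_LEN;  /* length field must match   */
}

/* Stand-in for a second protocol registered on the same transport
 * (constructed two-byte signature). */
int other_heuristic(const uint8_t *buf, size_t len)
{
    return buf != NULL && len >= 2 && buf[0] == 0x16 && buf[1] == 0x03;
}

/* Tries each registered check in order; returns the index of the first
 * one that claims the packet, or -1 if none does. */
int try_heuristics(const heur_check_t *table, size_t n,
                   const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < n; i++)
        if (table[i](buf, len))
            return (int)i;
    return -1;
}

int main(void)
{
    const heur_check_t table[] = { other_heuristic, myp_heuristic };
    const uint8_t pkt[] = { 'M','Y','P','1', 2, 0, 3, 'a','b','c' }; /* constructed */
    printf("claimed by entry %d\n", try_heuristics(table, 2, pkt, sizeof pkt));
    return 0;
}
```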
