On Jan 3, 2016, at 9:35 AM, Michael Mann <[email protected]> wrote:
> To make Decode As less confusing, Wireshark is enforcing unique protocols for
> each table so duplicate entries don't show up in a Decode As list. This was
> a bigger problem with TCP and UDP were 1 protocol would have multiple
> dissectors that would do drastically different dissection, but you couldn't
> tell which was which from the dialog.
Most - but not all! - protocols that run over both TCP and UDP have a different
encapsulation over TCP, as a packet length field has to be added when running
over TCP (as the service TCP offers is a byte stream service, not a packet
service).
But if you have a protocol that runs over multiple lower-level protocols, and
*doesn't* require different encapsulations when run over different protocols,
it *really* shouldn't be described as N different protocols based solely on
running atop N different lower-level protocols.
And that applies equally strongly to a heuristic vs. a non-heuristic dissector
- the protocols aren't different based solely on whether the dissector looks at
the packet data or whether it's invoked for particular values of a lower-level
protocol field.
(And, frankly, I find
Aeron Aeron Protocol
aeron_udp Aeron over UDP
confusing, so I'm not convinced this policy makes Decode As *usefully* less
confusing. If "Aeron over UDP" is disabled, does that mean that Wireshark will
*never* treat *any* UDP packets as Aeron packets under *any* circumstances with
*any* configuration of Wireshark, including Decode As?)
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
