Wireshark mailing list archives
Re: why cannot I use heur_dissector_add("ip", .....
From: Guy Harris <guy () alum mit edu>
Date: Sat, 25 Jun 2011 23:04:43 -0700
On Jun 25, 2011, at 10:26 PM, John x wrote:
Why cannot I use ip, like: heur_dissector_add("ip", dissect_PROTOABBREV, proto_PROTOABBREV); ?
Because IP has a protocol number field, and protocols running on top of IP are supposed to have a protocol number assigned to them, so a dissector for the protocol does not *need* to be a heuristic dissector - it just needs to register itself with the "ip.proto" protocol table with the protocol number. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- why cannot I use heur_dissector_add("ip", ..... John x (Jun 25)
- Re: why cannot I use heur_dissector_add("ip", ..... Guy Harris (Jun 25)
- Re: why cannot I use heur_dissector_add("ip", ..... John x (Jun 25)
- Re: why cannot I use heur_dissector_add("ip", ..... Guy Harris (Jun 26)
- Re: why cannot I use heur_dissector_add("ip", ..... John x (Jun 26)
- Re: why cannot I use heur_dissector_add("ip", ..... Guy Harris (Jun 26)
- Re: why cannot I use heur_dissector_add("ip", ..... John x (Jun 26)
- Re: why cannot I use heur_dissector_add("ip", ..... Guy Harris (Jun 26)
- Re: why cannot I use heur_dissector_add("ip", ..... John x (Jun 26)
- Re: why cannot I use heur_dissector_add("ip", ..... John x (Jun 25)
- Re: why cannot I use heur_dissector_add("ip", ..... Guy Harris (Jun 25)