Wireshark mailing list archives
Re: Heuristic check of T.125 dissector
From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Mon, 24 Feb 2014 17:17:08 -0500
On 02/22/14 19:15, Thomas Wiens wrote:
> Hi, I've written a Wireshark dissector for communication between industrial control systems, which comes as the payload of COTP packets. But the packets are displayed as T.125 protocol until I disable this protocol in the Wireshark settings to get my own dissector working.

[...]

> So the second check (reminiscence of Douglas Adams?) with the magical 42 comes in: (choice_index <=42) The check is marked with a comment: /* is this strong enough ? */ And I would answer: No, it is not. I've taken a look into the relevant source file "packet-per.c", where "choice_index" is the function parameter "val". But "val" is calculated, shifted and so on several times, so that I don't know what value comes out. Is there a possibility to make the heuristic check of the T.125 protocol stronger?

Without knowing the protocol, I'd say there's almost always room for improvement. Open a bug with a sample capture and see if someone can figure out how to strengthen the check.
P.S. You mentioned your dissector is hosted on SourceForge; would you consider submitting it to Wireshark?
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-dev