> > I want to sniff some packets that are not bound to a known port/protocol
> > combination. Wouldn't it be easier if it was possible to assign a (known)
> > protocol to a frame?
> Assign it to a particular frame, by hand?
Well, yes, via a menu is the easiest way (right-clicking anyone?)
> Or say "in this capture, UDP port XXX is for protocol YYY", or something
> such as that?
Well, something like that. f.i.:
Frame Type From To
1. http 2010 80
2. ftp 3030 5434
3. tcp 1010 2020
5. http 3030 80
And that you can say "treat frame 3 as if it were a http message" or some other type.
I know this might lead to problems when the frame is fragmented, but that's a known
problem, right?.
I'm thinking of implementing a dissector fro a certain protocol and some messages
are from / to a known port, but others are from / to arbitrary ports. The unknown ports
were exchanged at some point via the known ports, but if I missed that or I'm to lazy
to implement something that remembers these things it would be nice to be able to
assign a type to a frame.
Is this clear enough?
--
Andreas Sikkema
andreas.sikkema@xxxxxxxxxxx