Ethereal-dev: [Ethereal-dev] Patch for a heuristic SIP dissector


From: "Stefan Wenk" <stefan.wenk@xxxxxx>
Date: Wed, 8 May 2002 21:58:29 +0200
Attached is a patch for making the SIP dissector heuristic.
This is quite handy for SIP testing when ports other than 5060 are used.

--- packet-sip.c.orig Wed May  8 21:28:07 2002
+++ packet-sip.c Wed May  8 21:28:14 2002
@@ -274,6 +274,40 @@
         proto_register_subtree_array(ett, array_length(ett));
 }

+static gboolean
+dissect_sip_heur( tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree )
+{
+        gint eol, next_offset;
+
+  if (!proto_is_protocol_enabled(proto_sip))
+   return FALSE; /* SIP has been disabled */
+
+  /* This is a heuristic dissector, which means we get all the
+  * UDP and TCP traffic not sent to a known dissector and not claimed by
+   * a heuristic dissector called before us!
+   * So we first check if the frame is really meant for us.
+   */
+
+  /* check for a request */
+
+  if (tvb_strneql(tvb, 0, SIP2_HDR, SIP2_HDR_LEN) != 0 )  {
+
+          eol = tvb_find_line_end(tvb, 0, -1, &next_offset);
+
+      /* check for a response */
+      if ((eol > (gint)SIP2_HDR_LEN) && (tvb_strneql(tvb, eol -
SIP2_HDR_LEN + 1, SIP2_HDR , SIP2_HDR_LEN - 1) != 0))
+   return FALSE;
+  }
+
+  /*
+   * The message seems to be a valid SIP message!
+   */
+  dissect_sip( tvb, pinfo, tree );
+
+  return TRUE;
+}
+
+
 void
 proto_reg_handoff_sip(void)
 {
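Review bot: A first line of SIP2_HDR_LEN bytes or fewer is accepted as SIP in dissect_sip_heur, because the inner test returns FALSE only when `eol > (gint)SIP2_HDR_LEN` holds and the comparison fails; for a short or empty first line the `&&` short-circuits and control falls through to `dissect_sip()`. Since this function is offered every TCP and UDP payload that no other dissector claimed, unrelated traffic is handed to the SIP parser and labelled as SIP. Rejecting short lines explicitly closes the gap: `if (eol <= (gint)SIP2_HDR_LEN || tvb_strneql(tvb, eol - SIP2_HDR_LEN + 1, SIP2_HDR, SIP2_HDR_LEN - 1) != 0) return FALSE;`. The two comments also look swapped: the first test matches SIP2_HDR at offset 0 and the second near the end of the first line, which (assuming SIP2_HDR is the version token, defined outside this hunk) would be a status line and a request line respectively.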
@@ -282,6 +316,9 @@
         sip_handle = create_dissector_handle(dissect_sip, proto_sip);
         dissector_add("tcp.port", TCP_PORT_SIP, sip_handle);
         dissector_add("udp.port", UDP_PORT_SIP, sip_handle);
+
+  heur_dissector_add( "udp", dissect_sip_heur, proto_sip );
+  heur_dissector_add( "tcp", dissect_sip_heur, proto_sip );

         /*
          * Get a handle for the SDP dissector.
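Review bot: The two `heur_dissector_add` calls use two-space indentation while the rest of proto_reg_handoff_sip uses eight, and nothing explains why SIP is registered both by port and heuristically. Match the surrounding indentation and add a comment such as `/* Also register heuristically so SIP on ports other than 5060 is recognised; dissect_sip_heur must reject anything that is not SIP. */`. These registrations put the SIP parser in front of all otherwise unclaimed TCP and UDP payloads, so the acceptance test in dissect_sip_heur becomes the only gate, and a reader of this function should be told that. proto_reg_handoff_sip continues past the end of the hunk.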