<As I'm not an expert on this, only a little help:
<The "conversation" is about the grouping of several packets into a
conversation. This is <useful if relationships between packets are
interesting, e.g. to calculate the time <between two packets.
<IMO what you are looking for is heuristic. This way the lower layer
dissector will ask several <upper layer dissectors "do you think this packet
is for you?". The upper layer dissector will <try to see if some
characteristics are fulfilled (usually the first few bytes will follow a
<protocol specific pattern).
<As I don't have much knowledge on this topic, you may read
README.developer, the <Developer Guide and, of course, the source code of
some UDP based dissectors...
<Regards, ULFL
Thank you but i m in still in doubt : (
I've had a skim-through Readme.DEVELOPER e there is nothing about heuristic
(I'm referring to Readme.DEVELOPER-ethereal-0.10.12 version).
I've had a look at packet-http.c and there are very few lines on heuristic.
Anyway, In the guide it says:
dissector_add("udp.port", global_foo_port, foo_handle);
tells the main program to call the dissector when it gets UDP traffic on
that port.
Let's take the http dissector: the server communicates on 80, the client on
a not predetermined port. How does client-running-ethereal know on which
port the HTTP traffic coming from the server is received?!
Tell me more about heuristic (IF this is the solution) or the solution
itself and be patient :D
Thanx a lot
_________________________________________________________________
250MB per la tua casella di posta http://www.msn.it/hotmail/minisite_10
Trova immediatamente qualsiasi tipo di file.