Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 2688] Mojito Protocol Dissestor Plugin

Wireshark-bugs: [Wireshark-bugs] [Bug 2688] Mojito Protocol Dissestor Plugin

Date: Tue, 26 Aug 2008 09:52:20 -0700 (PDT)

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2688





--- Comment #17 from Guy Harris <guy@xxxxxxxxxxxx>  2008-08-26 09:52:19 PDT ---
> I think I know how to do 'some' of this (basically once I determine if the
> packet is NOT a mojito packet, just return 0). But is there any way to make it
> look at every udp packet to find out if something IS mojito, like say 'look at
> byte offset x and if its 0x44 then its Mojito'??? 

Have the dissector return a gboolean - TRUE if it's a Mojito packet, FALSE
otherwise - and register it as a "heuristic" dissector for UDP with

    heur_dissector_add("udp", dissect_mojito, proto_mojito);

That won't look at *every* UDP packet - other heuristic dissectors might be
called first, and if they think the packet is one of theirs, they'll dissect it
and you won't see it.

NOTE: your heuristic for determining whether the packet is a Mojito packet
should be as strong as possible.  "If there's a 0x44 at this offset, it's
Mojito" is probably not strong enough.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

Prev by Date: [Wireshark-bugs] [Bug 2827] Wireshark takes all processor time when I want to show content of large . jpeg file transmited via HTTP. The file is splitted to lot of small partial TCP packets.
Next by Date: [Wireshark-bugs] [Bug 2785] RSVP message seems not be parsed correctly
Previous by thread: [Wireshark-bugs] [Bug 2688] Mojito Protocol Dissestor Plugin
Next by thread: [Wireshark-bugs] [Bug 2688] Mojito Protocol Dissestor Plugin
Index(es):
- Date
- Thread