http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=35116
User: morriss
Date: 2010/12/03 03:04 PM
Log:
From Andrew Feren via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5380 :
Comment in the code asked....
/*XXX: 2 bytes skipped ?? */
Here is what I have found.
The high byte (1) indicates the Classification Engine ID
The low bytes (3) indicate the application ID
Engine ID of 5 is NBAR Standard.
Engine ID of 6 is NBAR Custom.
Attached patch displays all 4 bytes (type and ID) in a readable way. Also
allows better filtering.
Directory: /trunk/epan/dissectors/
Changes Path Action
+14 -2 packet-netflow.c Modified