On Wed, Oct 04, 2006 at 01:54:41AM +1000, ronnie sahlberg wrote:
> since this uses an ephemeral port number which changes between runs you
> should not register the dissector to the port itself
>
> much better is to once you have detected that port A on host B uses
> that protocol you create a conversation for host B port A and register
> the dissector for that particular protocol.
>
> you can see examples of how this is done in (I think) the dissector
> for portmapper

There are a couple of reasons the dissector itself registers a port. The
first is that the decode as option doesn't appear to work until it has
registered itself on a port (such as 0). The second is that there is a
preference setting to always dissect a certain port's traffic as newmail
because you can modify the client's registry to always use the same port
number. This feature is often used in firewalled environments so all
clients use the same port number every time. This setting avoids the
need to see the mapi register push notification packet if the port will
always be the same. I'm open to any ideas on a better way to accomplish
this.

Thanks,
Steve