Wireshark · Wireshark-dev: Re: [Wireshark-dev] Overriding existing RPC-TCP heuristic dissector with another heuristic one

Wireshark-dev: Re: [Wireshark-dev] Overriding existing RPC-TCP heuristic dissector with another

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Thu, 1 Feb 2007 16:13:06 -0800


On Feb 1, 2007, at 3:31 PM, Shehjar Tikoo wrote:

I need to ensure that my RPC/NFS dissector runs before the defaultone.The problem is, even if I get the heuristics right(..which is,basically
asking for all NFS traffic..), there no guarantee that my heuristic
dissector will get the packets before the default one.

An RPC/NFS dissector shouldn't be *a* dissector, it should be *two*dissectors - one for ONC RPC, and one for NFS.

If you need to dissect ONC RPC differently from the way the ONC RPCdissector in Wireshark dissects it, either modify or replace the ONCRPC heuristic dissector.

If you need to dissect NFS differently from the way the NFS dissectorin Wireshark dissects NFS, either modify or replace the *non-heuristic* NFS dissector.

If you need to dissect both of them differently, modify or replaceboth dissectors.

Follow-Ups:
- Re: [Wireshark-dev] Overriding existing RPC-TCP heuristic dissector with another heuristic one
  - From: Shehjar Tikoo

References:
- Re: [Wireshark-dev] Overriding existing RPC-TCP heuristic dissector with another heuristic one
  - From: Jaap Keuter
- Re: [Wireshark-dev] Overriding existing RPC-TCP heuristic dissector with another heuristic one
  - From: Shehjar Tikoo

Prev by Date: Re: [Wireshark-dev] Overriding existing RPC-TCP heuristic dissector with another heuristic one
Next by Date: Re: [Wireshark-dev] Overriding existing RPC-TCP heuristic dissector with another heuristic one
Previous by thread: Re: [Wireshark-dev] Overriding existing RPC-TCP heuristic dissector with another heuristic one
Next by thread: Re: [Wireshark-dev] Overriding existing RPC-TCP heuristic dissector with another heuristic one
Index(es):
- Date
- Thread