Wireshark-dev: Re: [Wireshark-dev] How to register the plugins

From: "Luis EG Ontanon" <luis@xxxxxxxxxxx>
Date: Wed, 16 Jul 2008 14:34:26 +0200
On Wed, Jul 16, 2008 at 8:55 AM,  <atdev.queries@xxxxxxxxx> wrote:
>
>
> It is a connection oriented message with CODT type
>
[...]
>
> I couldn't understand how bssap packet of same format (CODT) could able to dissect without SSN no. but the one which I wrote couldn't dissect them properly.

For Connection Oriented SCCP (and SUA) Wireshark needs to see the CC
because it contains the information that will be used to later know
how to dissect the payload of following messages. If your file does
not contain the CC msg for that call heuristics must be attempted to
find out what is the payload .


For the heuristic dissectors: It is your code for the xxx heuristics
that has to determine whether a packet is XXX or not and either return
1 (yes it is XXX), or 0 (no it s not XXX, try another). I do not
understand how and why if you are returning 0 after seeing that it is
not XXX wireshark will anyhow decode it as XXX. Most probably theree's
something broken in your heuristics.

\Lego

-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan