Basically Heuristic Dissector means that
your dissector will accept all the Traffic Packets and will not segregate based
on port number.
So to identify your own custom dissector
protocol messages you have to separate out the packets based on certain criteria
specific to your
Protocol.
And a normal dissector is registered with
the Wireshark based on port information which tells the Wireshark on which
port your message is
Going to be exchanges.
I hope it clarifies.
Hemant.
From:
wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On
Behalf Of Tom Stevens
Sent: Wednesday, August 27, 2008
2:24 PM
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] heuristic
Dissector vs. normal dissector
Hi!
What are the differences between a heuristic dissector and a normal dissector.
So far i have not considered heuristic dissectors, because I did not know what
they are and how to use them.
Maybe you can help!
Thanks in advance Tom (Germany)