Wireshark-dev: Re: [Wireshark-dev] heuristic Dissector for Dummies

From: "Maynard, Chris" <Christopher.Maynard@xxxxxxxxx>
Date: Fri, 29 Aug 2008 18:36:52 -0400
I think this information would best be placed in the doc/ directory,
either residing in its own README.heuristic file (with a mention of it
from README.developer) or residing directly in README.developer itself,
under its own section.  Wherever it lives, I think it would also be very
useful to include a heuristic dissector code skeleton, just as the
README.developer does now in section 1.2 for normal dissectors.

There may be general interest from the user's perspective, but I think
it's better to keep it simple.  Section 9.4 [of Wireshark-1.0.2] user
guide does a pretty nice job already, I think, although some dissectors,
UDP & TCP for instance, have a preference for controlling whether
heuristic dissectors are tried first or not, so that might also be worth
mentioning in the user guide (or maybe it is and I just didn't see it).

I don't know if that counts as a concrete idea or not, but it's my 2
cents.  (Of course with the exchange rate being so bad these days, it's
probably worth much less than that.)

- Chris

> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-
> bounces@xxxxxxxxxxxxx] On Behalf Of Ulf Lamping
> Sent: Friday, August 29, 2008 5:50 PM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] heuristic Dissector for Dummies
> 
> Peter Johansson schrieb:
> > Nicely put Ulf! This information is certainly a candidate for
addition
> > to the Wireshark Wiki.
> >
> 
> Thanks!
> 
> While writing it, I was having in mind to put it into the sources doc
> dir. As it turns out, this info might also be of general interest for
> the common WS user - so I'm not sure where's the best place to put it.
> 
> Concrete ideas?
> 
> Regards, ULFL

CONFIDENTIALITY NOTICE: The contents of this email are confidential
and for the exclusive use of the intended recipient. If you receive this
email in error, please delete it from your system immediately and 
notify us either by email, telephone or fax. You should not copy,
forward, or otherwise disclose the content of the email.