Wireshark-dev: Re: [Wireshark-dev] why cannot I use heur_dissector_add("ip", .....

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sat, 25 Jun 2011 23:04:43 -0700
On Jun 25, 2011, at 10:26 PM, John x wrote:

> Why cannot I use ip, like: heur_dissector_add("ip", dissect_PROTOABBREV, proto_PROTOABBREV);   ?

Because IP has a protocol number field, and protocols running on top of IP are supposed to have a protocol number assigned to them, so a dissector for the protocol does not *need* to be a heuristic dissector - it just needs to register itself with the "ip.proto" protocol table with the protocol number.