Wireshark-dev: Re: [Wireshark-dev] Heuristic check of T.125 dissector

From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
Date: Tue, 25 Feb 2014 09:01:18 -0800
Wireshark has lots of reverse engineered protocols. So that should not stop you.

For example, the whole CIFS/SMB family of protocols used to be reverse
engineered, even though now in later times the documentation to those
protocols is now available so errors in the decoding can be fixed.


If the dissector is useful to others, then if it is based on reverse
engineering instead of official documentation, include it.
An incomplete, reverse engineered, dissector is better than no dissector at all.


ronnie sahlberg


On Tue, Feb 25, 2014 at 8:51 AM, Thomas Wiens <th.wiens@xxxxxx> wrote:
>
>> Without knowing the protocol, I'd say there's almost always room for
>> improvement.  Open a bug with a sample capture and see if someone can
>> figure out how to strengthen the check.
>
> Ok, thanks. I will open a bug request then.
>
>> ps. you mentioned your dissector is hosted on sourceforge; would you
>> consider submitting it to Wireshark?
>
> The dissector is of a proprietary protocol which is completely reverse
> engineered. There is no official documentation available.
> The protocol is used in programmable logic controllers by Siemens, I
> think the most common vendor in Europe for those controllers.
>
> I don't know if there are other reverse engineered protocols in
> wireshark, but for myself I would like when the delivered plugins with
> wireshark refer to official documents or rfcs, and not guessed as my
> dissector.
> Is there an official Wireshark point of view?
>
> The website is:
> http://sourceforge.net/projects/s7commwireshark/
>
> There are some sample captures available.
>
> --
> Regards
> Thomas Wiens