Ethereal-dev: Re: [ethereal-dev] ONC RPC is simply an heuristic dissector

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Joshua Krage <jkrage@xxxxxxxxx>
Date: Mon, 17 Jul 2000 15:58:30 -0400
On Sun, Jul 16, 2000 at 08:44:42PM -0700, Guy Harris wrote:
> I suppose one (imperfect) fix would be a way for the user to force a
> given port number, or a given conversation, to be dissected as if it
> were a particular protocol.

This is a feature I'd love to see Ethereal support.  Many non-UNIX (and
some UNIX) platforms ignore the 'classic' ports breakup (<1024 is reserved)
and initiate network sessions from low-numbered ports.  My best example
is source port 111 to dest port 53 (UDP) for a DNS lookup.  Ethereal thought
it was a portmapper packet, and couldn't dissect it.  If I could force it
through a particular dissector, I could properly analyze the packet.  Right
now I'm at the mercy of the dissector's author.