Ethereal-dev: Re: [Ethereal-dev] add "/Capture/Stop" menu item

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Thu, 12 Oct 2000 01:51:23 -0700

On Thu, Oct 12, 2000 at 01:40:45AM -0700, Guy Harris wrote:
> I'm now looking at debugging some problems caused by the Q.931 heuristic
> dissector being called by the TCP dissector - it crashed Tethereal when
> I did a regression test on some traces, so I'm not yet ready to check in
> the Q.931 dissector.

It misidentified what I think is an SSH connection as a connection
containing Q.931 traffic.

SSH traffic is likely to look like random bytes; I suspect the
heuristics for Q.931 aren't strong enough to filter out that random
traffic.

Is this something that would be better handled by providing something in
the user interface to allow the user (probably equipped with a very
powerful highly-parallel pattern-matching processor capable of executing
far more sophisticated heuristics than Ethereal is likely to have, at
least in the near future) to specify that a given conversation is to be
treated as traffic of a given sort, rather than by having a
simple-minded program attempt to guess the traffic type?

The capture was one that I think Gilbert sent me; it was a trace of ISDN
traffic from his Toshiba modem, called "toshiba-isdn-hangup" (it's not
the "toshiba.general" trace on the Ethereal Web site).
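
The failure mode described in the message above, as an added example (not part of the original message and not Ethereal's dissector code): it counts how often uniformly random payloads, standing in for encrypted SSH data, pass a weak and a stricter Q.931 check. Both checks, the 1-to-2-octet call reference limit, the 8-byte payload size and the pseudo-random generator are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Weak heuristic (hypothetical): only the Q.931 protocol discriminator, 0x08. */
int weak_q931(const uint8_t *p, size_t n)
{
    return n >= 1 && p[0] == 0x08;
}

/* Stricter heuristic (hypothetical): also check the fixed header fields. */
int strict_q931(const uint8_t *p, size_t n)
{
    size_t crl;
    if (n < 3 || p[0] != 0x08)
        return 0;
    crl = p[1];                 /* upper four bits must be 0, so test the whole octet */
    if (crl < 1 || crl > 2)     /* assumption: 1 or 2 call reference octets */
        return 0;
    if (n < 2 + crl + 1)        /* room for the message type octet */
        return 0;
    return (p[2 + crl] & 0x80) == 0;   /* message type octet: bit 8 is 0 */
}

/* Deterministic 64-bit LCG so the run is repeatable; stands in for ciphertext. */
static uint8_t next_byte(uint64_t *s)
{
    *s = *s * 6364136223846793005ULL + 1442695040888963407ULL;
    return (uint8_t)(*s >> 56);
}

/* Count random 8-byte payloads that a heuristic claims as Q.931. */
unsigned long false_positives(int (*h)(const uint8_t *, size_t), unsigned long trials)
{
    uint64_t seed = 20001012;   /* constructed seed, arbitrary */
    unsigned long hits = 0, t;
    uint8_t buf[8];
    size_t i;
    for (t = 0; t < trials; t++) {
        for (i = 0; i < sizeof buf; i++)
            buf[i] = next_byte(&seed);
        hits += (unsigned long)h(buf, sizeof buf);
    }
    return hits;
}

int main(void)
{
    printf("weak:   %lu of 1000000\n", false_positives(weak_q931, 1000000UL));
    printf("strict: %lu of 1000000\n", false_positives(strict_q931, 1000000UL));
    return 0;
}
```

The weak check accepts roughly one random payload in 256, so a long encrypted TCP stream will trip it; the stricter check cuts the rate sharply but never to zero, which is the argument for letting the user assign a conversation's protocol.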