I'd vote for this (if my vote counts). It would be nice if we could at
least override what is detected by the heuristics.
Fred Reimer
Eclipsys Corporation
> -----Original Message-----
> From: ethereal-dev-admin@xxxxxxxxxxxx
> [mailto:ethereal-dev-admin@xxxxxxxxxxxx]On Behalf Of Guy Harris
> Sent: Thursday, October 12, 2000 4:51 AM
> To: Guy Harris
> Cc: andreas.sikkema@xxxxxxxxxxx; ethereal-dev@xxxxxxxxxxxx
> Subject: Re: [Ethereal-dev] add "/Capture/Stop" menu item
>
>
> On Thu, Oct 12, 2000 at 01:40:45AM -0700, Guy Harris wrote:
> > I'm now looking at debugging some problems caused by the
> Q.931 heuristic
> > dissector being called by the TCP dissector - it crashed
> Tethereal when
> > I did a regression test on some traces, so I'm not yet
> ready to check in
> > the Q.931 dissector.
>
> It misidentified what I think is an SSH connection as a connection
> containing Q.931 traffic.
>
> SSH traffic is likely to look like random bytes; I suspect the
> heuristics for Q.931 aren't strong enough to filter out that random
> traffic.
>
> Is this something that would be better handled by providing
> something in
> the user interface to allow the user (probably equipped with a very
> powerful highly-parallel pattern-matching processor capable
> of executing
> far more sophisticated heuristics than Ethereal is likely to have, at
> least in the near future) to specify that a given
> conversation is to be
> treated as traffic of a given sort, rather than by having a
> simple-minded program attempt to guess the traffic type?
>
> The capture was one that I think Gilbert sent me; it was a
> trace of ISDN
> traffic from his Toshiba modem, called "toshiba-isdn-hangup" (it's not
> the "toshiba.general" trace on the Ethereal Web site).
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>
