Ethereal-dev: Re: [Ethereal-dev] decode as... and heuristics

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: didier <dgautheron@xxxxxxxx>
Date: Mon, 13 Oct 2003 22:27:42 +0000
Guy Harris wrote:


On Oct 12, 2003, at 8:58 AM, didier wrote:
Heuristics are always tried, even if 'do not decode' is set in 'decode as...' dialog box. Do not decode aren't shown in 'show current' too.
"Do not decode" means "remove an entry for the protocol and port", not "put in an entry that keeps it from ever being decoded as this", so there's nothing to show in "show current", and it doesn't affect heuristic dissectors. 
Ok .
If a heuristic dissector is dissecting traffic that's not for its protocol, that's a bug in the dissector. When are you seeing this happen?
Not really, I have stuff without dissector wrongly decoded as DCERPC but it looks like DCERPC. I'd like to see the TCP summary in the first pane not [Desegmented TCP], TCP len parameter is a good enough dissector.
May be we could remove 'do not decode' and define a new protocol 'undecode' whatever?
We already support completely disabling protocols; would that be sufficient? 
there's DCERPC traffic too.

Didier