Ethereal-dev: Re: [Ethereal-dev] RE: Missing UUID inference

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 24 Oct 2003 20:44:49 -0700

On Oct 24, 2003, at 8:39 PM, Tim Potter wrote:


I started down the path of implementing this a few weeks ago.  The idea
was to iterate over every dcerpc dissector we know about, and call the
correct subdissector within a TRY{} block.  If a BoundsError exception
was called or there was leftover data then the pipe is the wrong one.


Or the dissector is the *right* one, but

	1) the packet is malformed

or

	2) the dissector is buggy.
For my regression testing, I'd want to be able to turn that mechanism *OFF*, so that I see dissector bugs.... 


This is basically what a heuristic dissector does.


No, what a heuristic dissector does is
1) check whether the data it'll look at in order to determine if the packet is for it is present in the tvbuff - if not, it says "this packet isn't mine";
2) check that data to see if it looks as if the packet is for it (which won't throw an exception, because of the check in 1) - if it's not, it says "this packet isn't mine";
3) otherwise, it dissects the packet and, if no exception is thrown, it says "this packet is mine". If an exception *is* thrown, no other dissector is tried.