Dear Developers
I think I was able to pinpoint a long standing problem with the ASN1
dissector (plugin), and I wonder whether other users have the same
experience.
The ASN1 dissector works fine if you specify an "ASN.1 type table
file" in the preference. It automatically dissects packets send to the
configured ports, and you can use the context menu entry "Decode As
..." to force dissection as ASN1.
However, if the field "ASN.1 type table file" is empty, the dissector
does not work. It does not recognize packets send to the specified
ports, and it does not appear in the list of dissectors under "Decode
As ...". I find this a rather strange behaviour, and I could not find
any hint in the code that this would be intended. (I need to get my
debugger working to find out why it might happen unintentionally.)
So is this problem indeed unintended? If so, I could try to produce a
fix. The only reservation that I have is that it may make Wireshark
more vulnerable, because the ASN1 dissector certainly still has a few
rough edges. Since the default setting basically disables the
dissector, no vulnerability is reach. However, if I fix this issue,
the dissector would automatically dissect everything on port 801 (by
default).
So should the ASN1 dissector be disabled by default, or can I just fix
the issue, and thereby enable the dissector by default?
Yours,
Thomas