Wireshark mailing list archives
Re: Heuristic check of T.125 dissector
From: ronnie sahlberg <ronniesahlberg () gmail com>
Date: Tue, 25 Feb 2014 09:01:18 -0800
Wireshark has lots of reverse engineered protocols. So that should not stop you.

For example, the whole CIFS/SMB family of protocols used to be reverse engineered, even though now in later times the documentation to those protocols is now available so errors in the decoding can be fixed.

If the dissector is useful to others, then if it is based on reverse engineering instead of official documentation, include it. An incomplete, reverse engineered, dissector is better than no dissector at all.

ronnie sahlberg

On Tue, Feb 25, 2014 at 8:51 AM, Thomas Wiens <th.wiens () gmx de> wrote:
> > Without knowing the protocol, I'd say there's almost always room for improvement. Open a bug with a sample capture and see if someone can figure out how to strengthen the check.
>
> Ok, thanks. I will open a bug request then.
>
> > ps. you mentioned your dissector is hosted on sourceforge; would you consider submitting it to Wireshark?
>
> The dissector is of a proprietary protocol which is completely reverse engineered. There is no official documentation available. The protocol is used in programmable logic controllers by Siemens, I think the most common vendor in Europe for those controllers.
>
> I don't know if there are other reverse engineered protocols in Wireshark, but for myself I would like it when the plugins delivered with Wireshark refer to official documents or RFCs, and are not guessed as my dissector is.
>
> Is there an official Wireshark point of view?
>
> The website is: http://sourceforge.net/projects/s7commwireshark/
> There are some sample captures available.
>
> --
> Regards
> Thomas Wiens
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Heuristic check of T.125 dissector Thomas Wiens (Feb 22)
- Re: Heuristic check of T.125 dissector Jeff Morriss (Feb 24)
- Re: Heuristic check of T.125 dissector Thomas Wiens (Feb 25)
- Re: Heuristic check of T.125 dissector ronnie sahlberg (Feb 25)
- Re: Heuristic check of T.125 dissector Thomas Wiens (Feb 25)
- Re: Heuristic check of T.125 dissector Jeff Morriss (Feb 24)