Wireshark mailing list archives

Re: Enabling/disabling ANY heuristic dissector


From: Hadriel Kaplan <hadrielk () yahoo com>
Date: Mon, 6 Jul 2015 00:33:28 -0400

My 2 cents:

On Jul 5, 2015, at 11:32 PM, Guy Harris <guy () alum mit edu> wrote:

> "Heuristic Protocol" or "Heuristic Dissector"?

While “Dissector” makes more sense to me personally, do most users/IT-folks understand what a “Dissector” is?  I think 
we’ve been conditioned to think of that word because we look at the code. But I could easily be wrong about that.


> Should we have a single table, listing protocols, with up to two checkboxes, one for the "identifier-based" dissector
> (if any; leave the checkbox out if none) and one for the heuristic dissector (if any; leave the checkbox out if none)?

I think a single table will be more confusing since several protocols have heuristic dissectors for more than one 
underlying transport/protocol type.  Of course we could just enable/disable a protocol’s heuristics for all underlying 
transports as all-on/off... but I’m just sure someone will have some reasonable use case for enabling heuristics for 
some protocol over TCP but not UDP or vice-versa, and then we’d be back to creating a preference for that protocol to 
do so.

In fact I’d probably be one of those people: if our RTP heuristic dissector supported TCP (for RFC 4571), I’d want it 
kept off on TCP always, but I used to have it turned on for UDP all the time in my previous job.

-hadriel

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev