Wireshark mailing list archives

Re: Duplicate heuristic short_name "XYZ"


From: Guy Harris <guy () alum mit edu>
Date: Sun, 3 Jan 2016 11:41:56 -0800


On Jan 3, 2016, at 9:35 AM, Michael Mann <mmann78 () netscape net> wrote:

To make Decode As less confusing, Wireshark is enforcing unique protocols for each table so duplicate entries don't 
show up in a Decode As list.  This was a bigger problem with TCP and UDP, where 1 protocol would have multiple 
dissectors that would do drastically different dissection, but you couldn't tell which was which from the dialog.

Most - but not all! - protocols that run over both TCP and UDP have a different encapsulation over TCP, as a packet 
length field has to be added when running over TCP (as the service TCP offers is a byte stream service, not a packet 
service).

But if you have a protocol that runs over multiple lower-level protocols, and *doesn't* require different 
encapsulations when run over different protocols, it *really* shouldn't be described as N different protocols based 
solely on running atop N different lower-level protocols.

And that applies equally strongly to a heuristic vs. a non-heuristic dissector - the protocols aren't different based 
solely on whether the dissector looks at the packet data or whether it's invoked for particular values of a lower-level 
protocol field.

(And, frankly, I find

        Aeron                                   Aeron Protocol
            aeron_udp                           Aeron over UDP

confusing, so I'm not convinced this policy makes Decode As *usefully* less confusing.  If "Aeron over UDP" is 
disabled, does that mean that Wireshark will *never* treat *any* UDP packets as Aeron packets under *any* circumstances 
with *any* configuration of Wireshark, including Decode As?)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev