Ethereal-dev: Re: [ethereal-dev] RPC dissector

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Fri, 29 Oct 1999 10:33:51 -0700 (PDT)
> > the TCP and UDP dissectors currently contain that type
>       ~~~                    ~~~~~~~~~~~~~~~~~
> There is no such code currently in dissect_tcp().

"That type of heuristic" should perhaps been phrased as "Heuristics";
"dissect_tcp()" contains

        /* check existence of high level protocols */
 
        if (memcmp(&pd[offset], "GIOP",  4) == 0) {
          dissect_giop(pd, offset, fd, tree);
        }
        else if ( PORT_IS(TCP_PORT_YHOO) &&
                (memcmp(&pd[offset], "YPNS",  4) == 0 ||
                        memcmp(&pd[offset], "YHOO",  4) == 0 )) {
          dissect_yhoo(pd, offset, fd, tree);
        }

which are heuristics that look at the payload to figure out what type of
protocol it is, just as the heuristics done for ONC RPC are.