Re: False positive from the new "Look for incomplete dissectors" function.

[Dario Lombardo <dario.lombardo.ml () gmail com>]

On Fri, Feb 13, 2015 at 5:15 PM, Jeff Morriss <jeff.morriss.ws () gmail com>
wrote:

> I have to admit that I like being able to click on a byte and see what
> field it maps to.  From that perspective I like when padding is claimed by
> the dissector which knew it was padding.  And when CR+NL are claimed by the
> item which they terminate.
>
> If this functionality encourages dissectors to claim all the bytes used by
> their protocol that is, in my opinion, a good thing.

Actually they are 2 different things. An "undissected" byte is a byte
claimed by a protocol, but not actually dissected. This is the case of a
text prootocol where CR/LF are part of the claimed bytes, but they're not
dissected by a specific proto_add_something(). Clinking on one of them will
bring you to the "parent" protocol (VoIP for example).

Another thing is "unclaimed" bytes. They are bytes that have not been
claimed by any dissector. Clicking on one of them will not bring to
anything. I'm working on this feature now.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe