On Feb 5, 2014, at 12:21 AM, Michal Labedzki <michal.labed...@tieto.com> wrote:
> I am thinking about formats without any magic numbers - format that > beginning with first packet, like binary Logcat/Logger > (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8279) or raw > media file like file contains only SBC frames (see "libsbc"), etc > (formats without header). > > And fact that Wireshark do not only check magic bytes, but try all > open routine Wireshark *doesn't* try all open routines - once an open routine returns success, it stops. And it tries the magic number ones before the heuristics (this is by design and is what is intended). > is great feature (if magic bytes is ok, but payload is not) If the magic number is OK, but they payload is not, the probability is extremely high that you have a corrupted file, and forcing Wireshark to treat the file as being of another file format won't help. As far as I know, we've *never* had a problem with files of some non-magic-number format incorrectly being recognized as a file of some type with a magic number; all the problems we've seen have, not surprisingly, been with files that don't have magic numbers. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
