Ethereal-dev: Re: [Ethereal-dev] IrDA dissector plugin

Note: This archive is from the project's previous web site, This list is no longer active.

From: "Pia Sahlberg" <piabar@xxxxxxxxxxx>
Date: Fri, 19 Dec 2003 04:02:50 +0000
We already do SCSI ontop of FC and ontop of iSCSI and ontop of NDMP
and , i guess, hyperscsi.

although we only do FC over IP or over broadwalk(cisco mds stuff)

We DEFINITELY need a raw FC encapculation so we can store raw FC frames in pcap, at least so that we an convert weirdo finisar captures to something ethereal can read without
needing to make up lots of fake encapsulation headers!

What happened with that FC frametype support for pcap (sorry for the wrong nomenclature, im not a libpcap person) that those cray massive parrallell processing people were talking about a year ago? it just died?

for scsi (agnostic of transport) we could use a SCSI frametype that just stored SCSI PDUs regardless of the transport (parallell/fc/iscsi/ndmp/... etc) (((type==command,datain,out,status, special)))
Useful for when sniffing a generic SCSI hba at the SCSI layer.

At least for USB it would be VERY useful. It would make it more easy for the USB folks to rev eng prop usb protocols so taht my devices i got from japan will work properly.

Incredibly more useful however, especially for protocol developers and modern cifs would be :
support for keytab files, krb5 and using the session key to decrypt traffic.

OK. First response is always "thats only useful for hackers": WRONG.
If someone already has aquired your keytab file and is a cracker, there are many other things he would use the keytab for. Using it for ethereal would be the last thing on a crackers mind.
See it as    If hte keytab file is lost   then it doesnt really matter what 
they do with it,   they already own your house and all other houses in the 
same city as well.    game over.

protocol developers and protocol analysts would find it very useful.

please someione look at opening the tickets using krb keytabs and using the session key to decrypt transactions.

From: Guy Harris Date: Thu, 18 Dec 2003 18:23:07 -0800

On Dec 17, 2003, at 7:22 PM, Pia Sahlberg wrote:

Since we do packet analysis we also need
Presumably meaning some way to capture and store in pcap files parallel 
SCSI.  iSCSI we already do, and we do FCP (SCSI-over-Fibre Channel) for 
FCIP, although we'd need some way to store FC in pcap files as well.
Hot chart ringtones and polyphonics. Go to