Ethereal-dev: RE: [ethereal-dev] Re:

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Sharpe <sharpe@xxxxxxxxxx>
Date: Tue, 06 Jul 1999 12:06:56 +0900
At 09:32 PM 7/5/99 -0400, "Farley, Tim (ISSAtlanta)" wrote:
>Richard Sharpe wrote:
>>At the moment, I am focussed on a build-time system, but I now tend to
>>agree, after seeing Laurent's posting about binary distributions, like 
>>the Linux world that I live in, that a run-time interpreter may be needed.
>>
>>More thought is needed.
>
>Of course, building the one does not preclude building the other.  There are
>always going to be troublesome protocols with special cases that just
>require some work in C to get them decoded properly.  So designing a
>run-time interpreter that covers all cases might be an unreachable goal.

Yes, I agree.  I need to see examples of what other groups are doing.  The
NDG EtherBouy or whatever, is said to include a run-time interpreter as
well, but I have yet to see what they provide.

>However, there is still value in covering some of the easier cases with a
>run-time system.  A simple run-time interpreter that could be configured
>fairly easily would be a neat feature and would catch attention.  Especially
>if there were a way to program it visually by using actual packets as a
>guide.  I don't know of any commercial product that can be adapted to new
>protocols this way.

Wow, what an idea.  This would be great, but perhaps beyond me at the
moment.  I only work on Ethereal in my spare time, like before Samba
tutorials last Sunday, and while I am on the road giving Linux and/or
TCP/IP courses, or on the plane on the way back from such things (Since I
am about an hour and a half away from Sydney, I can usually get an hour's
worth of work in on the plane, and I often get upgrades to business class,
so I have plenty of room. Indeed, I had a spare seat next to me last night,
and two lap-tops, plus thin wire cable, so I could have set up a little
network on the plane--A bit of folk-lore, Andrew Tridgell and someone else
from the Samba team did that on the flight from Sydney to LA a year or two
ago on the way to a CIFS conference, would have been great to see).

>Another way to approach this would be to look for cases where protocol
>definitions already exist in other forms and use them as your input.  I've
>long thought it would be cool to have a packet capture product that could
>read the same input files that rpcgen uses in order to interpret Sun RPC
>requests.  That way you could just feed it the .X file for your RPC program,
>and the packet capture tool would be able to decode requests using the same
>nomenclature the program does internally.  

Hmmm, yes, this would be interesting too. I need to look at what the
tcpdump folks have done, as well. Someone here suggested trying to use an
approach that can be given back to tcpdump, but I have heard of suggestions
that the LBL folks would not accept updates to Telnet under tcpdump because
that would have made it easier to sniff passwords.

However, being able to read the input files that rpcgen uses and build a
decoder would be useful ...

>To cover the cases not reached by the above, a more full-featured build time
>system for automatically generating C code would be of value as well.
>Especially if the generated C code could then be tweaked by a knowledgeable
>programmer.

This is what I am working on now, but need some input.  I probably need to
post my Perl program, but then people would see how ugly it is.

>Basically, I think both approaches have value, for different reasons.
>
>=====================================
>Tim Farley
>Software Engineer
>tfarley@xxxxxxx

Damn, if only I could spend more time on Ethereal!  Need to find a sponsor.


Regards
-------
Richard Sharpe, sharpe@xxxxxxxxxx, NS Computer Software and Services P/L,
Samba (Team member www.samba.org), Ethereal (Team member www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours