Ethereal-dev: [ethereal-dev] Hello and a patch
From: James Coe <jammer@xxxxxxx>
Date: Mon, 06 Dec 1999 19:58:29 -0600
Hello, My name is Jamie Coe. I'm a network security analyst. I found Ethereal to be such a wonderful tool that I've started writing extensions to it. I am attaching a patch for the latest source tree to this message. The patch adds the 0.3 alpha version of my dissector for Service Location Protocol (SRVLOC) on port 427. It also modifies the NetWare Core Protocol (NCP) dissector to allow it to decode NCP over IP on port 524. Happy Sniffing, Jamie.
? packet-srvloc.c
? ncpip-and-srvloc.patch
Index: packet-ncp.c
===================================================================
RCS file: /cvsroot/ethereal/packet-ncp.c,v
retrieving revision 1.23
diff -u -r1.23 packet-ncp.c
--- packet-ncp.c 1999/11/18 01:45:02 1.23
+++ packet-ncp.c 1999/12/07 02:09:38
@@ -1,6 +1,7 @@
 /* packet-ncp.c
 * Routines for NetWare Core Protocol
 * Gilbert Ramirez <gram@xxxxxxxxxxxxxxxxxxx>
+ * Modified to allow NCP over TCP/IP decodes by James Coe <jammer@xxxxxxx>
 *
 * $Id: packet-ncp.c,v 1.23 1999/11/18 01:45:02 guy Exp $
 *
@@ -44,6 +45,8 @@
 #include "packet-ncp.h"
 static int proto_ncp = -1;
+static int hf_ncp_ip_ver = -1;
+static int hf_ncp_ip_sig = -1;
 static int hf_ncp_type = -1;
 static int hf_ncp_seq = -1;
 static int hf_ncp_connection = -1;
@@ -75,6 +78,26 @@
 int ncp_packet_init_count = 200;
+/* These are the header structures to handle NCP over IP */
+#define NCPIP_RQST 0x446d6454 // "DmdT"
+#define NCPIP_RPLY 0x744e6350 // "tNcP"
+
+struct ncp_ip_header {
+ guint32 signature;
+ guint32 length;
+};
+
+/* This header only appears on NCP over IP request packets */
+struct ncp_ip_rqhdr {
+ guint32 version;
+ guint32 rplybufsize;
+};
+
+static const value_string ncp_ip_signature[] = {
+ { NCPIP_RQST, "Demand Transport (Request)" },
+ { NCPIP_RPLY, "Transport is NCP (Reply)" },
+};
+
 /* The information in this module comes from:
 NetWare LAN Analysis, Second Edition
 Laura A. Chappell and Dan E. Hakes
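Review bot: The `ncp_ip_signature` table added in the `@@ -75,6 +78,26 @@` hunk has no terminating row, and the value it is matched against comes straight from the captured packet. If the lookup behind `VALS()` scans until it meets a NULL string, as the value_string helpers normally do, any signature other than `NCPIP_RQST` or `NCPIP_RPLY` would make it read past the end of the array. Close the table with `{ 0, NULL }` as its last row. The `// "DmdT"` and `// "tNcP"` comments are also C++-style while the rest of the visible file uses `/* */`, so they may not compile everywhere.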
@@ -435,8 +458,21 @@
 proto_tree *ncp_tree = NULL;
 proto_item *ti;
 int ncp_hdr_length = 0;
+ struct ncp_ip_header ncpiph;
+ struct ncp_ip_rqhdr ncpiphrq;
 struct ncp_common_header header;
+ if ( pi.ptype == PT_TCP || pi.ptype == PT_UDP ) {
+ memcpy(&ncpiph, &pd[offset], sizeof(ncpiph));
+ ncpiph.signature = ntohl(ncpiph.signature);
+ ncpiph.length = ntohl(ncpiph.length);
+ offset += 8;
+ if ( ncpiph.signature == NCPIP_RQST ) {
+ memcpy(&ncpiphrq, &pd[offset], sizeof(ncpiphrq));
+ ncpiphrq.rplybufsize = ntohl(ncpiphrq.rplybufsize);
+ offset += 8;
+ };
+ };
 memcpy(&header, &pd[offset], sizeof(header));
 header.type = ntohs(header.type);
@@ -461,6 +497,14 @@
 ti = proto_tree_add_item(tree, proto_ncp, offset, END_OF_FRAME, NULL);
 ncp_tree = proto_item_add_subtree(ti, ett_ncp);
+ if ( pi.ptype == PT_TCP || pi.ptype == PT_UDP ) {
+ proto_tree_add_item(ncp_tree, hf_ncp_ip_sig, offset - 16, 4, ncpiph.signature);
+ proto_tree_add_text(ncp_tree, offset - 12, 4, "Length: %d", ncpiph.length);
+ if ( ncpiph.signature == NCPIP_RQST ) {
+ proto_tree_add_item(ncp_tree, hf_ncp_ip_ver, offset - 8, 4, ncpiphrq.version);
+ proto_tree_add_text(ncp_tree, offset - 4, 4, "Reply buffer size: %d", ncpiphrq.rplybufsize);
+ };
+ };
 proto_tree_add_item_format(ncp_tree, hf_ncp_type, offset, 2, header.type,
@@ -865,6 +909,14 @@
 {
 static hf_register_info hf[] = {
+ { &hf_ncp_ip_sig,
+ { "NCP over IP signature", "ncp.ip.signature",
+ FT_UINT32, BASE_HEX, VALS(ncp_ip_signature), 0x0,
+ "NCP over IP transport signature"}},
+ { &hf_ncp_ip_ver,
+ { "Version", "ncp.ip.version",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ "NCP over IP verion"}},
 { &hf_ncp_type,
 { "Type", "ncp.type",
 FT_UINT16, BASE_HEX, NULL, 0x0,
Index: packet-tcp.c
===================================================================
RCS file: /cvsroot/ethereal/packet-tcp.c,v
retrieving revision 1.50
diff -u -r1.50 packet-tcp.c
--- packet-tcp.c 1999/12/06 23:57:51 1.50
+++ packet-tcp.c 1999/12/07 02:09:44
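Review bot: Both `memcpy` calls added in the `@@ -435,8 +458,21 @@` hunk copy 8 bytes from `pd[offset]` without first checking that the captured frame is that long, so a truncated or malformed packet on port 524 makes the dissector read past the capture buffer. Each copy should be preceded by a comparison of `offset + sizeof(...)` against the frame's captured length, with an early return when it fails. `ncpiphrq.version` is the only one of the four fields that is not byte-swapped, yet it is displayed later; add `ncpiphrq.version = ntohl(ncpiphrq.version);`. A signature that matches neither `NCPIP_RQST` nor `NCPIP_RPLY` is still skipped as an 8-byte header and the rest decoded as NCP, which deserves an explicit reject. The function starts and ends outside this hunk.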
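Review bot: The offsets `offset - 16` and `offset - 12` in the `@@ -461,6 +497,14 @@` hunk are only right for requests, where 16 bytes of transport header were skipped. For a reply only 8 bytes were consumed, so the signature and length items would point at the 8 bytes before the NCP-over-IP header, assuming `offset` is not changed again in the lines between the two hunks, which are not visible here. Saving the starting offset before the header is parsed and labelling from it (`start`, `start + 4`, `start + 8`, `start + 12`) removes the backwards arithmetic. `ncpiph.length` and `ncpiphrq.rplybufsize` are `guint32`, so `%u` is the matching conversion rather than `%d`.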
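Review bot: The description string registered for `hf_ncp_ip_ver` in the `@@ -865,6 +909,14 @@` hunk is misspelled as `"NCP over IP verion"`; it should read `"NCP over IP version"`. The string is part of the field's registration, so the typo would show wherever the field description is displayed.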
@@ -97,7 +97,9 @@
 #define TCP_PORT_NBSS 139
 #define TCP_PORT_IMAP 143
 #define TCP_PORT_BGP 179
+#define TCP_PORT_SRVLOC 427
 #define TCP_PORT_PRINTER 515
+#define TCP_PORT_NCP 524
 #define TCP_ALT_PORT_HTTP 8080
 #define TCP_PORT_PPTP 1723
 #define TCP_PORT_RTSP 554
@@ -537,6 +539,12 @@
 } else if (PORT_IS(TCP_PORT_IRC)) {
 pi.match_port = TCP_PORT_IRC;
 dissect_irc(pd, offset, fd, tree);
+ } else if (PORT_IS(TCP_PORT_SRVLOC)) {
+ pi.match_port = TCP_PORT_SRVLOC;
+ dissect_srvloc(pd, offset, fd, tree);
+ } else if (PORT_IS(TCP_PORT_NCP)) {
+ pi.match_port = TCP_PORT_NCP;
+ dissect_ncp(pd, offset, fd, tree);
 } else {
 /* check existence of high level protocols */
Index: packet-udp.c
===================================================================
RCS file: /cvsroot/ethereal/packet-udp.c,v
retrieving revision 1.40
diff -u -r1.40 packet-udp.c
--- packet-udp.c 1999/12/05 02:32:39 1.40
+++ packet-udp.c 1999/12/07 02:09:46
@@ -73,10 +73,12 @@
 #define UDP_PORT_NBNS 137
 #define UDP_PORT_NBDGM 138
 #define UDP_PORT_SNMP 161
+#define UDP_PORT_SRVLOC 427
 #define UDP_PORT_PIM_RP_DISC 496
 #define UDP_PORT_ISAKMP 500
 #define UDP_PORT_RIP 520
 #define UDP_PORT_RIPNG 521
+#define UDP_PORT_NCP 524
 #define UDP_PORT_VINES 573
 #define UDP_PORT_RADIUS 1645
 #define UDP_PORT_RADIUS_NEW 1812
@@ -243,6 +245,8 @@
 dissect_bootp(pd, offset, fd, tree);
 else if (PORT_IS(UDP_PORT_DNS))
 dissect_dns(pd, offset, fd, tree);
+ else if (PORT_IS(UDP_PORT_SRVLOC))
+ dissect_srvloc(pd, offset, fd, tree);
 else if (PORT_IS(UDP_PORT_ISAKMP))
 dissect_isakmp(pd, offset, fd, tree);
 else if (PORT_IS(UDP_PORT_RIP)) {
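Review bot: `dissect_srvloc()` is called in the `@@ -537,6 +539,12 @@` hunk, and again in the packet-udp.c dispatch, but packet-srvloc.c appears only as an untracked file (`? packet-srvloc.c`) and is not part of this diff, and no build-file change is visible, so the tree would not link from this patch alone. The new dissector needs to be posted as well so that its handling of untrusted packet data can be reviewed with the same care as the NCP changes. Separately, routing port 524 to `dissect_ncp()` assumes every TCP segment begins with an NCP-over-IP header; a segment that starts mid-message would presumably be decoded from the wrong bytes, so a comment such as `/* assumes one NCP-over-IP message per segment; no reassembly */` would document the limitation.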
@@ -250,6 +254,8 @@
 dissect_rip(pd, offset, fd, tree);
 } else if (PORT_IS(UDP_PORT_RIPNG))
 dissect_ripng(pd, offset, fd, tree);
+ else if (PORT_IS(UDP_PORT_NCP))
+ dissect_ncp(pd, offset, fd, tree);
 else if (PORT_IS(UDP_PORT_NBNS))
 dissect_nbns(pd, offset, fd, tree);
 else if (PORT_IS(UDP_PORT_NBDGM))
Index: packet.h
===================================================================
RCS file: /cvsroot/ethereal/packet.h,v
retrieving revision 1.157
diff -u -r1.157 packet.h
--- packet.h 1999/12/06 23:57:51 1.157
+++ packet.h 1999/12/07 02:09:47
@@ -408,6 +408,7 @@
 void dissect_payload_ppp(const u_char *, int, frame_data *, proto_tree *);
 void dissect_x25(const u_char *, int, frame_data *, proto_tree *);
 void dissect_yhoo(const u_char *, int, frame_data *, proto_tree *);
+void dissect_srvloc(const u_char *, int, frame_data *, proto_tree *);
 void dissect_smb(const u_char *, int, frame_data *, proto_tree *, int);
 void dissect_pptp(const u_char *, int, frame_data *, proto_tree *);