Ethereal-dev: [Ethereal-dev] Protocol Analysis Workbench ...

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Richard Sharpe <sharpe@xxxxxxxxxx>
Date: Sat, 16 Dec 2000 11:59:40 +1000
Hi,

It struck me that we have almost all we need in Ethereal to build some soft
of protocol analysis workbench ...

For an unknown protocol, one could use right mouse on the data/byte pane,
which would bring up a menu, and one item could be:

   Specify protocol (or something like that)

This would allow the user to bind a protocol to the rest of the data from
that position forward in the data pane, perhaps based on the value of some
bytes in the data portion.

We would need a little extra support, and the user would select from the
dissectors to use based on their names, but it certainly seems do-able.

Hmmm, we would need to be able to specify that all packets of a particular
type be dissected using a particular dissector. For example, X25 over LAPB
over Ethernet for Linux uses the unused DEC ethertype 0x6000, so one would
want to bind dissect_ip to the payload for all such ethernet frames.

However, one would also like to be able to say, these two bytes look like a
type field, so dissect the rest based on this value in this type field. For
example, 0x080045 is a dead givaway.

Regards
-------
Richard Sharpe, sharpe@xxxxxxxxxx
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba