First off, I just joined the list so forgive me if this question is
covered in documentation somewhere that I haven't found yet. (Feel free to
tell me RTFM ;-)
I'm the primary author of FreeTDS, which is a set of libraries to talk
from Unix to MS SQL Server and Sybase Databases. Anyway, I've had in the
back of my mind for a while building a dissector to decode TDS (see
item #30 on the ethereal wish list).
So, I'm doing some playing around with what it'll take to accomplish this,
and ran into a couple of questions. The TDS protocol is really two
protocols, netlib and TDS.
Netlib is an 8-byte header at the start of each logical packet. It
frames the TDS protocol, giving packet type and size. Its job is to glue
the TDS protocol to whatever transport it's riding atop (TCP, DecNet,
IPX/SPX, etc...).
Within this are a series of PDUs (protocol data units). This is
simplifying quite a bit, but the other gory details are orthogonal to this
discussion. The main point is that a PDU may half appear in one netlib
packet and half in another. Furthermore, dissecting many of the
downstream packets relies on much information from upstream.
My question is, does it make sense to make netlib its own dissector? And,
how do other protocols deal with a trace that may start somewhere in the
middle, missing important data from the start of the stream?
Thanks,
Brian
camber@xxxxxxx
http://www.freetds.org
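
The framing problem described above, as an added example that is not part of the original message and is not FreeTDS or Ethereal code: a reassembler that buffers TCP segments, walks the 8-byte netlib headers, joins payloads that span netlib packets, and refuses to continue when a capture starts mid-packet. The header field layout and the end-of-message status bit are taken from the public TDS specification, not from the message; the names `NetlibReassembler`, `netlib_packet` and `demo`, the `max_packet` bound and the sample bytes are constructed for illustration.

```python
import struct

HEADER_LEN = 8      # netlib header size, as stated in the message
STATUS_EOM = 0x01   # "last packet of this message" bit (public TDS spec)


class NetlibReassembler:
    """Feed TCP segment payloads in; get back (packet_type, message) tuples."""

    def __init__(self, max_packet=32767):    # sanity bound, an assumption
        self.buf = bytearray()      # stream bytes not yet consumed
        self.parts = bytearray()    # payload of the message being assembled
        self.max_packet = max_packet

    def feed(self, segment):
        self.buf += segment
        messages = []
        while len(self.buf) >= HEADER_LEN:
            # type (1), status (1), length (2, big-endian, header included)
            ptype, status, length = struct.unpack_from(">BBH", self.buf, 0)
            if length < HEADER_LEN or length > self.max_packet:
                # Capture began mid-packet: these bytes are not a header.
                raise ValueError("not aligned on a netlib header")
            if len(self.buf) < length:
                break               # rest of this packet is in a later segment
            self.parts += self.buf[HEADER_LEN:length]
            del self.buf[:length]
            if status & STATUS_EOM:  # PDU stream for this message is complete
                messages.append((ptype, bytes(self.parts)))
                self.parts.clear()
        return messages


def netlib_packet(ptype, payload, last):
    """Build a constructed netlib packet (SPID 0, packet id 1, window 0)."""
    status = STATUS_EOM if last else 0
    header = struct.pack(">BBHHBB", ptype, status,
                         HEADER_LEN + len(payload), 0, 1, 0)
    return header + payload


def demo():
    # Constructed sample: one message split across two netlib packets
    # (type 0x01), delivered in TCP segments that cut through a header.
    stream = (netlib_packet(0x01, b"select @@ver", False)
              + netlib_packet(0x01, b"sion", True))
    r = NetlibReassembler()
    out = []
    for seg in (stream[:5], stream[5:23], stream[23:]):
        out += r.feed(seg)
    return out
```

The length check is only a heuristic for a trace that starts mid-stream; state carried by earlier packets still has to come from elsewhere.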